<?php // This is free and unencumbered software released into the public domain. /** * OpenPGP_Crypt_RSA.php is a wrapper for using the classes from OpenPGP.php with Crypt_RSA * * @package OpenPGP */ // From http://phpseclib.sourceforge.net/ use phpseclib\Crypt\RSA as Crypt_RSA; use phpseclib\Math\BigInteger as Math_BigInteger; define('CRYPT_RSA_ENCRYPTION_PKCS1', Crypt_RSA::ENCRYPTION_PKCS1); define('CRYPT_RSA_SIGNATURE_PKCS1', Crypt_RSA::SIGNATURE_PKCS1); require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */ class OpenPGP_Crypt_RSA { protected $key, $message; // Construct a wrapper object from a key or a message packet function __construct($packet) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if($packet instanceof OpenPGP_PublicKeyPacket || $packet[0] instanceof OpenPGP_PublicKeyPacket) { // If it's a key (other keys are subclasses of this one) $this->key = $packet; } else { $this->message = $packet; } } function key($keyid=NULL) { if(!$this->key) return NULL; // No key if($this->key instanceof OpenPGP_Message) { foreach($this->key as $p) { if($p instanceof OpenPGP_PublicKeyPacket) { if(!$keyid || strtoupper(substr($p->fingerprint, strlen($keyid)*-1)) == strtoupper($keyid)) return $p; } } } return $this->key; } // Get Crypt_RSA for the public key function public_key($keyid=NULL) { return self::convert_public_key($this->key($keyid)); } // Get Crypt_RSA for the private key function private_key($keyid=NULL) { return self::convert_private_key($this->key($keyid)); } // Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with // Second optional parameter to specify which signature to verify (if there is more than one) function verify($packet) { $self = $this; // For old PHP if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if(!$this->message) { $m = $packet; $verifier = function($m, $s) use($self) { $key = $self->public_key($s->issuer()); if(!$key) return false; $key->setHash(strtolower($s->hash_algorithm_name())); return $key->verify($m, reset($s->data)); }; } else { if(!($packet instanceof Crypt_RSA)) { $packet = new self($packet); } $m = $this->message; $verifier = function($m, $s) use($self, $packet) { if(!($packet instanceof Crypt_RSA)) { $key = $packet->public_key($s->issuer()); } if(!$key) return false; $key->setHash(strtolower($s->hash_algorithm_name())); return $key->verify($m, reset($s->data)); }; } return $m->verified_signatures(array('RSA' => array( 'MD5' => $verifier, 'SHA1' => $verifier, 'SHA224' => $verifier, 'SHA256' => $verifier, 'SHA384' => $verifier, 'SHA512' => $verifier ))); } // Pass a message to sign with this key, or a secret key to sign this message with // Second parameter is hash algorithm to use (default SHA256) // Third parameter is the 16-digit key ID to use... defaults to the key id in the key packet function sign($packet, $hash='SHA256', $keyid=NULL) { if(!is_object($packet)) { if($this->key) { $packet = new OpenPGP_LiteralDataPacket($packet); } else { $packet = OpenPGP_Message::parse($packet); } } if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA || ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) { $key = $packet; $message = $this->message; } else { $key = $this->key; $message = $packet; } if(!$key || !$message) return NULL; // Missing some data if($message instanceof OpenPGP_Message) { $sign = $message->signatures(); $message = $sign[0][0]; } if(!($key instanceof Crypt_RSA)) { $key = new self($key); if(!$keyid) $keyid = substr($key->key()->fingerprint, -16, 16); $key = $key->private_key($keyid); } $key->setHash(strtolower($hash)); $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); return new OpenPGP_Message(array($sig, $message)); } /** Pass a message with a key and userid packet to sign */ // TODO: merge this with the normal sign function function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { if(is_array($packet)) { $packet = new OpenPGP_Message($packet); } else if(!is_object($packet)) { $packet = OpenPGP_Message::parse($packet); } $key = $this->private_key($keyid); if(!$key || !$packet) return NULL; // Missing some data if(!$keyid) $keyid = substr($this->key->fingerprint, -16); $key->setHash(strtolower($hash)); $sig = NULL; foreach($packet as $p) { if($p instanceof OpenPGP_SignaturePacket) $sig = $p; } if(!$sig) { $sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash)); $sig->signature_type = 0x13; $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01 | 0x02)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $packet[] = $sig; } $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); return $packet; } function decrypt($packet) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA || ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) { $keys = $packet; $message = $this->message; } else { $keys = $this->key; $message = $packet; } if(!$keys || !$message) return NULL; // Missing some data if(!($keys instanceof Crypt_RSA)) { $keys = new self($keys); } foreach($message as $p) { if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) { if($keys instanceof Crypt_RSA) { $sk = self::try_decrypt_session($keys, substr($p->encrypted_data, 2)); } else if(strlen(str_replace('0', '', $p->keyid)) < 1) { foreach($keys->key as $k) { $sk = self::try_decrypt_session(self::convert_private_key($k), substr($p->encrypted_data, 2)); if($sk) break; } } else { $key = $keys->private_key($p->keyid); $sk = self::try_decrypt_session($key, substr($p->encrypted_data, 2)); } if(!$sk) continue; $r = OpenPGP_Crypt_Symmetric::decryptPacket(OpenPGP_Crypt_Symmetric::getEncryptedData($message), $sk[0], $sk[1]); if($r) return $r; } } return NULL; /* Failed */ } static function try_decrypt_session($key, $edata) { $key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); $data = @$key->decrypt($edata); if(!$data) return NULL; $sk = substr($data, 1, strlen($data)-3); $chk = unpack('n', substr($data, -2)); $chk = reset($chk); $sk_chk = 0; for($i = 0; $i < strlen($sk); $i++) { $sk_chk = ($sk_chk + ord($sk{$i})) % 65536; } if($sk_chk != $chk) return NULL; return array(ord($data{0}), $sk); } static function crypt_rsa_key($mod, $exp, $hash='SHA256') { $rsa = new Crypt_RSA(); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setHash(strtolower($hash)); $rsa->modulus = new Math_BigInteger($mod, 256); $rsa->k = strlen($rsa->modulus->toBytes()); $rsa->exponent = new Math_BigInteger($exp, 256); $rsa->setPublicKey(); return $rsa; } static function convert_key($packet, $private=false) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if($packet instanceof OpenPGP_Message) $packet = $packet[0]; $mod = $packet->key['n']; $exp = $packet->key['e']; if($private) $exp = $packet->key['d']; if(!$exp) return NULL; // Packet doesn't have needed data $rsa = self::crypt_rsa_key($mod, $exp); if($private) { /** * @see https://github.com/phpseclib/phpseclib/issues/1113 * Primes and coefficients now use BigIntegers. **/ //set the primes if($packet->key['p'] && $packet->key['q']) $rsa->primes = array( 1 => new Math_BigInteger($packet->key['p'], 256), 2 => new Math_BigInteger($packet->key['q'], 256) ); // set the coefficients if($packet->key['u']) $rsa->coefficients = array(2 => new Math_BigInteger($packet->key['u'], 256)); } return $rsa; } static function convert_public_key($packet) { return self::convert_key($packet, false); } static function convert_private_key($packet) { return self::convert_key($packet, true); } } ?>