friendica_2021-01/include/crypto.php

<?php

require_once('library/ASNValue.class.php');
require_once('library/asn1.php');


function rsa_sign($data,$key) {

	$sig = '';
	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
		openssl_sign($data,$sig,$key,'sha256');
    }
    else {
		if(strlen($key) < 1024 || extension_loaded('gmp')) {
			require_once('library/phpsec/Crypt/RSA.php');
			$rsa = new CRYPT_RSA();
			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
			$rsa->setHash('sha256');
			$rsa->loadKey($key);
			$sig = $rsa->sign($data);
		}
		else {
			logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
			openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
		}
	}
	return $sig;
}

function rsa_verify($data,$sig,$key) {

	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
		$verify = openssl_verify($data,$sig,$key,'sha256');
    }
    else {
		if(strlen($key) <= 300 || extension_loaded('gmp')) {
			require_once('library/phpsec/Crypt/RSA.php');
			$rsa = new CRYPT_RSA();
			$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
			$rsa->setHash('sha256');
			$rsa->loadKey($key);
			$verify = $rsa->verify($data,$sig);
		}
		else {
			// fallback sha256 verify for PHP < 5.3 and large key lengths
			$rawsig = '';
        	openssl_public_decrypt($sig,$rawsig,$key);
	        $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
    	}
	}
	return $verify;
}


function DerToPem($Der, $Private=false)
{
    //Encode:
    $Der = base64_encode($Der);
    //Split lines:
    $lines = str_split($Der, 65);
    $body = implode("\n", $lines);
    //Get title:
    $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
    //Add wrapping:
    $result = "-----BEGIN {$title}-----\n";
    $result .= $body . "\n";
    $result .= "-----END {$title}-----\n";
 
    return $result;
}

function DerToRsa($Der)
{
    //Encode:
    $Der = base64_encode($Der);
    //Split lines:
    $lines = str_split($Der, 65);
    $body = implode("\n", $lines);
    //Get title:
    $title = 'RSA PUBLIC KEY';
    //Add wrapping:
    $result = "-----BEGIN {$title}-----\n";
    $result .= $body . "\n";
    $result .= "-----END {$title}-----\n";
 
    return $result;
}


function pkcs8_encode($Modulus,$PublicExponent) {
	//Encode key sequence
	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
	$modulus->SetIntBuffer($Modulus);
	$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
	$publicExponent->SetIntBuffer($PublicExponent);
	$keySequenceItems = array($modulus, $publicExponent);
	$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
	$keySequence->SetSequence($keySequenceItems);
	//Encode bit string
	$bitStringValue = $keySequence->Encode();
	$bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
	$bitString = new ASNValue(ASNValue::TAG_BITSTRING);
	$bitString->Value = $bitStringValue;
	//Encode body
	$bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
	$body = new ASNValue(ASNValue::TAG_SEQUENCE);
	$body->Value = $bodyValue;
	//Get DER encoded public key:
	$PublicDER = $body->Encode();
	return $PublicDER;
}


function pkcs1_encode($Modulus,$PublicExponent) {
	//Encode key sequence
	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
	$modulus->SetIntBuffer($Modulus);
	$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
	$publicExponent->SetIntBuffer($PublicExponent);
	$keySequenceItems = array($modulus, $publicExponent);
	$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
	$keySequence->SetSequence($keySequenceItems);
	//Encode bit string
	$bitStringValue = $keySequence->Encode();
	return $bitStringValue;
}


function metopem($m,$e) {
	$der = pkcs8_encode($m,$e);
	$key = DerToPem($der,false);
	return $key;
}	


function pubrsatome($key,&$m,&$e) {
	require_once('library/asn1.php');
	require_once('include/salmon.php');

	$lines = explode("\n",$key);
	unset($lines[0]);
	unset($lines[count($lines)]);
	$x = base64_decode(implode('',$lines));

	$r = ASN_BASE::parseASNString($x);

	$m = base64url_decode($r[0]->asnData[0]->asnData);
	$e = base64url_decode($r[0]->asnData[1]->asnData);
}


function rsatopem($key) {
	pubrsatome($key,$m,$e);
	return(metopem($m,$e));
}

function pemtorsa($key) {
	pemtome($key,$m,$e);
	return(metorsa($m,$e));
}

function pemtome($key,&$m,&$e) {
	require_once('include/salmon.php');
	$lines = explode("\n",$key);
	unset($lines[0]);
	unset($lines[count($lines)]);
	$x = base64_decode(implode('',$lines));

	$r = ASN_BASE::parseASNString($x);

	$m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
	$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
}

function metorsa($m,$e) {
	$der = pkcs1_encode($m,$e);
	$key = DerToRsa($der);
	return $key;
}	

function salmon_key($pubkey) {
	pemtome($pubkey,$m,$e);
	return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
}
helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00			`<?php`

			`require_once('library/ASNValue.class.php');`
crypto stuff 2011-08-10 03:55:46 +02:00			`require_once('library/asn1.php');`


			`function rsa_sign($data,$key) {`

			`$sig = '';`
			`if (version_compare(PHP_VERSION, '5.3.0', '>=')) {`
			`openssl_sign($data,$sig,$key,'sha256');`
			`}`
			`else {`
			`if(strlen($key) < 1024 \|\| extension_loaded('gmp')) {`
			`require_once('library/phpsec/Crypt/RSA.php');`
			`$rsa = new CRYPT_RSA();`
			`$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;`
			`$rsa->setHash('sha256');`
			`$rsa->loadKey($key);`
			`$sig = $rsa->sign($data);`
			`}`
			`else {`
			`logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');`
			`openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);`
			`}`
			`}`
			`return $sig;`
			`}`

			`function rsa_verify($data,$sig,$key) {`

			`if (version_compare(PHP_VERSION, '5.3.0', '>=')) {`
			`$verify = openssl_verify($data,$sig,$key,'sha256');`
			`}`
			`else {`
			`if(strlen($key) <= 300 \|\| extension_loaded('gmp')) {`
			`require_once('library/phpsec/Crypt/RSA.php');`
			`$rsa = new CRYPT_RSA();`
			`$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;`
			`$rsa->setHash('sha256');`
			`$rsa->loadKey($key);`
			`$verify = $rsa->verify($data,$sig);`
			`}`
			`else {`
			`// fallback sha256 verify for PHP < 5.3 and large key lengths`
			`$rawsig = '';`
			`openssl_public_decrypt($sig,$rawsig,$key);`
			`$verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);`
			`}`
			`}`
			`return $verify;`
			`}`

helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00
			`function DerToPem($Der, $Private=false)`
			`{`
			`//Encode:`
			`$Der = base64_encode($Der);`
			`//Split lines:`
			`$lines = str_split($Der, 65);`
			`$body = implode("\n", $lines);`
			`//Get title:`
			`$title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';`
			`//Add wrapping:`
			`$result = "-----BEGIN {$title}-----\n";`
			`$result .= $body . "\n";`
			`$result .= "-----END {$title}-----\n";`

			`return $result;`
			`}`

more progress on key conversion functions 2011-07-29 03:16:57 +02:00			`function DerToRsa($Der)`
			`{`
			`//Encode:`
			`$Der = base64_encode($Der);`
			`//Split lines:`
			`$lines = str_split($Der, 65);`
			`$body = implode("\n", $lines);`
			`//Get title:`
			`$title = 'RSA PUBLIC KEY';`
			`//Add wrapping:`
			`$result = "-----BEGIN {$title}-----\n";`
			`$result .= $body . "\n";`
			`$result .= "-----END {$title}-----\n";`

			`return $result;`
			`}`


helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00			`function pkcs8_encode($Modulus,$PublicExponent) {`
			`//Encode key sequence`
			`$modulus = new ASNValue(ASNValue::TAG_INTEGER);`
			`$modulus->SetIntBuffer($Modulus);`
			`$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);`
more progress on key conversion functions 2011-07-29 03:16:57 +02:00			`$publicExponent->SetIntBuffer($PublicExponent);`
helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00			`$keySequenceItems = array($modulus, $publicExponent);`
			`$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);`
			`$keySequence->SetSequence($keySequenceItems);`
			`//Encode bit string`
			`$bitStringValue = $keySequence->Encode();`
			`$bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte`
			`$bitString = new ASNValue(ASNValue::TAG_BITSTRING);`
			`$bitString->Value = $bitStringValue;`
			`//Encode body`
			`$bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();`
			`$body = new ASNValue(ASNValue::TAG_SEQUENCE);`
			`$body->Value = $bodyValue;`
			`//Get DER encoded public key:`
			`$PublicDER = $body->Encode();`
			`return $PublicDER;`
			`}`


more progress on key conversion functions 2011-07-29 03:16:57 +02:00			`function pkcs1_encode($Modulus,$PublicExponent) {`
			`//Encode key sequence`
			`$modulus = new ASNValue(ASNValue::TAG_INTEGER);`
			`$modulus->SetIntBuffer($Modulus);`
			`$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);`
			`$publicExponent->SetIntBuffer($PublicExponent);`
			`$keySequenceItems = array($modulus, $publicExponent);`
			`$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);`
			`$keySequence->SetSequence($keySequenceItems);`
			`//Encode bit string`
			`$bitStringValue = $keySequence->Encode();`
			`return $bitStringValue;`
			`}`


helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00			`function metopem($m,$e) {`
more progress on key conversion functions 2011-07-29 03:16:57 +02:00			`$der = pkcs8_encode($m,$e);`
			`$key = DerToPem($der,false);`
helper functions for Diaspora cert mangling 2011-07-26 04:57:17 +02:00			`return $key;`
			`}`


more progress on key conversion functions 2011-07-29 03:16:57 +02:00			`function pubrsatome($key,&$m,&$e) {`
			`require_once('library/asn1.php');`
			`require_once('include/salmon.php');`

			`$lines = explode("\n",$key);`
			`unset($lines[0]);`
			`unset($lines[count($lines)]);`
			`$x = base64_decode(implode('',$lines));`

			`$r = ASN_BASE::parseASNString($x);`

			`$m = base64url_decode($r[0]->asnData[0]->asnData);`
			`$e = base64url_decode($r[0]->asnData[1]->asnData);`
			`}`


			`function rsatopem($key) {`
			`pubrsatome($key,$m,$e);`
			`return(metopem($m,$e));`
			`}`

convert our native pkcs#8 to pkcs#1 for diaspora-public-key xrd field 2011-07-30 10:03:24 +02:00			`function pemtorsa($key) {`
			`pemtome($key,$m,$e);`
			`return(metorsa($m,$e));`
			`}`
more progress on key conversion functions 2011-07-29 03:16:57 +02:00
			`function pemtome($key,&$m,&$e) {`
			`require_once('include/salmon.php');`
			`$lines = explode("\n",$key);`
			`unset($lines[0]);`
			`unset($lines[count($lines)]);`
			`$x = base64_decode(implode('',$lines));`

			`$r = ASN_BASE::parseASNString($x);`

			`$m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);`
			`$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);`
			`}`

			`function metorsa($m,$e) {`
			`$der = pkcs1_encode($m,$e);`
			`$key = DerToRsa($der);`
			`return $key;`
			`}`

crypto stuff 2011-08-10 03:55:46 +02:00			`function salmon_key($pubkey) {`
			`pemtome($pubkey,$m,$e);`
			`return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;`
			`}`