<?php

require_once 'library/ASNValue.class.php';
require_once 'library/asn1.php';

// supported algorithms are 'sha256', 'sha1'

function rsa_sign($data, $key, $alg = 'sha256') {
	openssl_sign($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
	return $sig;
}

function rsa_verify($data, $sig, $key, $alg = 'sha256') {
	return openssl_verify($data, $sig, $key, (($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
}

function DerToPem($Der, $Private = false) {
	//Encode:
	$Der = base64_encode($Der);
	//Split lines:
	$lines = str_split($Der, 65);
	$body = implode("\n", $lines);
	//Get title:
	$title = $Private ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
	//Add wrapping:
	$result = "-----BEGIN {$title}-----\n";
	$result .= $body . "\n";
	$result .= "-----END {$title}-----\n";

	return $result;
}

function DerToRsa($Der) {
	//Encode:
	$Der = base64_encode($Der);
	//Split lines:
	$lines = str_split($Der, 64);
	$body = implode("\n", $lines);
	//Get title:
	$title = 'RSA PUBLIC KEY';
	//Add wrapping:
	$result = "-----BEGIN {$title}-----\n";
	$result .= $body . "\n";
	$result .= "-----END {$title}-----\n";

	return $result;
}

function pkcs8_encode($Modulus, $PublicExponent) {
	//Encode key sequence
	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
	$modulus->SetIntBuffer($Modulus);
	$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
	$publicExponent->SetIntBuffer($PublicExponent);
	$keySequenceItems = array($modulus, $publicExponent);
	$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
	$keySequence->SetSequence($keySequenceItems);
	//Encode bit string
	$bitStringValue = $keySequence->Encode();
	$bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
	$bitString = new ASNValue(ASNValue::TAG_BITSTRING);
	$bitString->Value = $bitStringValue;
	//Encode body
	$bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
	$body = new ASNValue(ASNValue::TAG_SEQUENCE);
	$body->Value = $bodyValue;
	//Get DER encoded public key:
	$PublicDER = $body->Encode();
	return $PublicDER;
}

function pkcs1_encode($Modulus, $PublicExponent) {
	//Encode key sequence
	$modulus = new ASNValue(ASNValue::TAG_INTEGER);
	$modulus->SetIntBuffer($Modulus);
	$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
	$publicExponent->SetIntBuffer($PublicExponent);
	$keySequenceItems = array($modulus, $publicExponent);
	$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
	$keySequence->SetSequence($keySequenceItems);
	//Encode bit string
	$bitStringValue = $keySequence->Encode();
	return $bitStringValue;
}

function metopem($m, $e) {
	$der = pkcs8_encode($m, $e);
	$key = DerToPem($der, false);
	return $key;
}

function pubrsatome($key,&$m,&$e) {
	require_once('library/asn1.php');
	require_once('include/salmon.php');

	$lines = explode("\n", $key);
	unset($lines[0]);
	unset($lines[count($lines)]);
	$x = base64_decode(implode('', $lines));

	$r = ASN_BASE::parseASNString($x);

	$m = base64url_decode($r[0]->asnData[0]->asnData);
	$e = base64url_decode($r[0]->asnData[1]->asnData);
}


function rsatopem($key) {
	pubrsatome($key, $m, $e);
	return metopem($m, $e);
}

function pemtorsa($key) {
	pemtome($key, $m, $e);
	return metorsa($m, $e);
}

function pemtome($key, &$m, &$e) {
	require_once('include/salmon.php');
	$lines = explode("\n", $key);
	unset($lines[0]);
	unset($lines[count($lines)]);
	$x = base64_decode(implode('', $lines));

	$r = ASN_BASE::parseASNString($x);

	$m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
	$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
}

function metorsa($m, $e) {
	$der = pkcs1_encode($m, $e);
	$key = DerToRsa($der);
	return $key;
}

function salmon_key($pubkey) {
	pemtome($pubkey, $m, $e);
	return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true) ;
}

function new_keypair($bits) {
	$openssl_options = array(
		'digest_alg'       => 'sha1',
		'private_key_bits' => $bits,
		'encrypt_key'      => false
	);

	$conf = get_config('system', 'openssl_conf_file');
	if ($conf) {
		$openssl_options['config'] = $conf;
	}
	$result = openssl_pkey_new($openssl_options);

	if (empty($result)) {
		logger('new_keypair: failed');
		return false;
	}

	// Get private key
	$response = array('prvkey' => '', 'pubkey' => '');

	openssl_pkey_export($result, $response['prvkey']);

	// Get public key
	$pkey = openssl_pkey_get_details($result);
	$response['pubkey'] = $pkey["key"];

	return $response;
}