spacenerdmo/friendica-addons
1
0
Fork 0
forked from friendica/friendica-addons
Code Pull requests Activity

securemail: update pgp library

Browse source 
Remove php-gpg, add openpgp-php and phpseclib.
Add template file for settings.
Add "send test" functionality.
Add messages.po
This commit is contained in:
fabrixxm 2017-04-11 21:19:54 +02:00
commit 50f91a338c
52 changed files with 35258 additions and 3205 deletions
Download patch file Download diff file Expand all files Collapse all files

1854
securemail/vendor/singpolyma/openpgp-php/lib/openpgp.php vendored Normal file
View file

@ -0,0 +1,1854 @@
<?php
// This is free and unencumbered software released into the public domain.
/**
* OpenPGP.php is a pure-PHP implementation of the OpenPGP Message Format
* (RFC 4880).
*
* @package OpenPGP
* @version 0.0.1
* @author Arto Bendiken <arto.bendiken@gmail.com>
* @author Stephen Paul Weber <singpolyma@singpolyma.net>
* @see http://github.com/bendiken/openpgp-php
*/
//////////////////////////////////////////////////////////////////////////////
// OpenPGP utilities
/**
* @see http://tools.ietf.org/html/rfc4880
*/
class OpenPGP {
/**
* @see http://tools.ietf.org/html/rfc4880#section-6
* @see http://tools.ietf.org/html/rfc4880#section-6.2
* @see http://tools.ietf.org/html/rfc2045
*/
static function enarmor($data, $marker = 'MESSAGE', array $headers = array()) {
$text = self::header($marker) . "\n";
foreach ($headers as $key => $value) {
$text .= $key . ': ' . (string)$value . "\n";
}
$text .= "\n" . base64_encode($data);
$text .= "\n".'=' . base64_encode(substr(pack('N', self::crc24($data)), 1)) . "\n";
$text .= self::footer($marker) . "\n";
return $text;
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-6
* @see http://tools.ietf.org/html/rfc2045
*/
static function unarmor($text, $header = 'PGP PUBLIC KEY BLOCK') {
$header = self::header($header);
$text = str_replace(array("\r\n", "\r"), array("\n", ''), $text);
if (($pos1 = strpos($text, $header)) !== FALSE &&
($pos1 = strpos($text, "\n\n", $pos1 += strlen($header))) !== FALSE &&
($pos2 = strpos($text, "\n=", $pos1 += 2)) !== FALSE) {
return base64_decode($text = substr($text, $pos1, $pos2 - $pos1));
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-6.2
*/
static function header($marker) {
return '-----BEGIN ' . strtoupper((string)$marker) . '-----';
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-6.2
*/
static function footer($marker) {
return '-----END ' . strtoupper((string)$marker) . '-----';
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-6
* @see http://tools.ietf.org/html/rfc4880#section-6.1
*/
static function crc24($data) {
$crc = 0x00b704ce;
for ($i = 0; $i < strlen($data); $i++) {
$crc ^= (ord($data[$i]) & 255) << 16;
for ($j = 0; $j < 8; $j++) {
$crc <<= 1;
if ($crc & 0x01000000) {
$crc ^= 0x01864cfb;
}
}
}
return $crc & 0x00ffffff;
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-12.2
*/
static function bitlength($data) {
return (strlen($data) - 1) * 8 + (int)floor(log(ord($data[0]), 2)) + 1;
}
static function decode_s2k_count($c) {
return ((int)16 + ($c & 15)) << (($c >> 4) + 6);
}
static function encode_s2k_count($iterations) {
if($iterations >= 65011712) return 255;
$count = $iterations >> 6;
$c = 0;
while($count >= 32) {
$count = $count >> 1;
$c++;
}
$result = ($c << 4) | ($count - 16);
if(OpenPGP::decode_s2k_count($result) < $iterations) {
return $result + 1;
}
return $result;
}
}
class OpenPGP_S2K {
public $type, $hash_algorithm, $salt, $count;
function __construct($salt='BADSALT', $hash_algorithm=10, $count=65536, $type=3) {
$this->type = $type;
$this->hash_algorithm = $hash_algorithm;
$this->salt = $salt;
$this->count = $count;
}
static function parse(&$input) {
$s2k = new OpenPGP_S2k();
switch($s2k->type = ord($input{0})) {
case 0:
$s2k->hash_algorithm = ord($input{1});
$input = substr($input, 2);
break;
case 1:
$s2k->hash_algorithm = ord($input{1});
$s2k->salt = substr($input, 2, 8);
$input = substr($input, 10);
break;
case 3:
$s2k->hash_algorithm = ord($input{1});
$s2k->salt = substr($input, 2, 8);
$s2k->count = OpenPGP::decode_s2k_count(ord($input{10}));
$input = substr($input, 11);
break;
}
return $s2k;
}
function to_bytes() {
$bytes = chr($this->type);
switch($this->type) {
case 0:
$bytes .= chr($this->hash_algorithm);
break;
case 1:
$bytes .= chr($this->hash_algorithm);
$bytes .= $this->salt;
break;
case 3:
$bytes .= chr($this->hash_algorithm);
$bytes .= $this->salt;
$bytes .= chr(OpenPGP::encode_s2k_count($this->count));
break;
}
return $bytes;
}
function raw_hash($s) {
return hash(strtolower(OpenPGP_SignaturePacket::$hash_algorithms[$this->hash_algorithm]), $s, true);
}
function sized_hash($s, $size) {
$hash = $this->raw_hash($s);
while(strlen($hash) < $size) {
$s = "\0" . $s;
$hash .= $this->raw_hash($s);
}
return substr($hash, 0, $size);
}
function iterate($s) {
if(strlen($s) >= $this->count) return $s;
$s = str_repeat($s, ceil($this->count / strlen($s)));
return substr($s, 0, $this->count);
}
function make_key($pass, $size) {
switch($this->type) {
case 0:
return $this->sized_hash($pass, $size);
case 1:
return $this->sized_hash($this->salt . $pass, $size);
case 3:
return $this->sized_hash($this->iterate($this->salt . $pass), $size);
}
}
}
//////////////////////////////////////////////////////////////////////////////
// OpenPGP messages
/**
* @see http://tools.ietf.org/html/rfc4880#section-4.1
* @see http://tools.ietf.org/html/rfc4880#section-11
* @see http://tools.ietf.org/html/rfc4880#section-11.3
*/
class OpenPGP_Message implements IteratorAggregate, ArrayAccess {
public $uri = NULL;
public $packets = array();
static function parse_file($path) {
if (($msg = self::parse(file_get_contents($path)))) {
$msg->uri = preg_match('!^[\w\d]+://!', $path) ? $path : 'file://' . realpath($path);
return $msg;
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-4.1
* @see http://tools.ietf.org/html/rfc4880#section-4.2
*/
static function parse($input) {
if (is_resource($input)) {
return self::parse_stream($input);
}
if (is_string($input)) {
return self::parse_string($input);
}
}
static function parse_stream($input) {
return self::parse_string(stream_get_contents($input));
}
static function parse_string($input) {
$msg = new self;
while (($length = strlen($input)) > 0) {
if (($packet = OpenPGP_Packet::parse($input))) {
$msg[] = $packet;
}
if ($length == strlen($input)) { // is parsing stuck?
break;
}
}
return $msg;
}
function __construct(array $packets = array()) {
$this->packets = $packets;
}
function to_bytes() {
$bytes = '';
foreach($this as $p) {
$bytes .= $p->to_bytes();
}
return $bytes;
}
/**
* Extract signed objects from a well-formatted message
*
* Recurses into CompressedDataPacket
*
* @see http://tools.ietf.org/html/rfc4880#section-11
*/
function signatures() {
$msg = $this;
while($msg[0] instanceof OpenPGP_CompressedDataPacket) $msg = $msg[0]->data;
$key = NULL;
$userid = NULL;
$subkey = NULL;
$sigs = array();
$final_sigs = array();
foreach($msg as $idx => $p) {
if($p instanceof OpenPGP_LiteralDataPacket) {
return array(array($p, array_values(array_filter($msg->packets, function($p) {
return $p instanceof OpenPGP_SignaturePacket;
}))));
} else if($p instanceof OpenPGP_PublicSubkeyPacket || $p instanceof OpenPGP_SecretSubkeyPacket) {
if($userid) {
array_push($final_sigs, array($key, $userid, $sigs));
$userid = NULL;
} else if($subkey) {
array_push($final_sigs, array($key, $subkey, $sigs));
$key = NULL;
}
$sigs = array();
$subkey = $p;
} else if($p instanceof OpenPGP_PublicKeyPacket) {
if($userid) {
array_push($final_sigs, array($key, $userid, $sigs));
$userid = NULL;
} else if($subkey) {
array_push($final_sigs, array($key, $subkey, $sigs));
$subkey = NULL;
} else if($key) {
array_push($final_sigs, array($key, $sigs));
$key = NULL;
}
$sigs = array();
$key = $p;
} else if($p instanceof OpenPGP_UserIDPacket) {
if($userid) {
array_push($final_sigs, array($key, $userid, $sigs));
$userid = NULL;
} else if($key) {
array_push($final_sigs, array($key, $sigs));
}
$sigs = array();
$userid = $p;
} else if($p instanceof OpenPGP_SignaturePacket) {
$sigs[] = $p;
}
}
if($userid) {
array_push($final_sigs, array($key, $userid, $sigs));
} else if($subkey) {
array_push($final_sigs, array($key, $subkey, $sigs));
} else if($key) {
array_push($final_sigs, array($key, $sigs));
}
return $final_sigs;
}
/**
* Function to extract verified signatures
* $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet
*/
function verified_signatures($verifiers) {
$signed = $this->signatures();
$vsigned = array();
foreach($signed as $sign) {
$signatures = array_pop($sign);
$vsigs = array();
foreach($signatures as $sig) {
$verifier = $verifiers[$sig->key_algorithm_name()][$sig->hash_algorithm_name()];
if($verifier && $this->verify_one($verifier, $sign, $sig)) {
$vsigs[] = $sig;
}
}
array_push($sign, $vsigs);
$vsigned[] = $sign;
}
return $vsigned;
}
function verify_one($verifier, $sign, $sig) {
if($sign[0] instanceof OpenPGP_LiteralDataPacket) {
$sign[0]->normalize();
$raw = $sign[0]->data;
} else if(isset($sign[1]) && $sign[1] instanceof OpenPGP_UserIDPacket) {
$raw = implode('', array_merge($sign[0]->fingerprint_material(), array(chr(0xB4),
pack('N', strlen($sign[1]->body())), $sign[1]->body())));
} else if(isset($sign[1]) && ($sign[1] instanceof OpenPGP_PublicSubkeyPacket || $sign[1] instanceof OpenPGP_SecretSubkeyPacket)) {
$raw = implode('', array_merge($sign[0]->fingerprint_material(), $sign[1]->fingerprint_material()));
} else if($sign[0] instanceof OpenPGP_PublicKeyPacket) {
$raw = implode('', $sign[0]->fingerprint_material());
} else {
return NULL;
}
return call_user_func($verifier, $raw.$sig->trailer, $sig);
}
// IteratorAggregate interface
function getIterator() {
return new ArrayIterator($this->packets);
}
// ArrayAccess interface
function offsetExists($offset) {
return isset($this->packets[$offset]);
}
function offsetGet($offset) {
return $this->packets[$offset];
}
function offsetSet($offset, $value) {
return is_null($offset) ? $this->packets[] = $value : $this->packets[$offset] = $value;
}
function offsetUnset($offset) {
unset($this->packets[$offset]);
}
}
//////////////////////////////////////////////////////////////////////////////
// OpenPGP packets
/**
* OpenPGP packet.
*
* @see http://tools.ietf.org/html/rfc4880#section-4.1
* @see http://tools.ietf.org/html/rfc4880#section-4.3
*/
class OpenPGP_Packet {
public $tag, $size, $data;
static function class_for($tag) {
return isset(self::$tags[$tag]) && class_exists(
$class = 'OpenPGP_' . self::$tags[$tag] . 'Packet') ? $class : __CLASS__;
}
/**
* Parses an OpenPGP packet.
*
* Partial body lengths based on https://github.com/toofishes/python-pgpdump/blob/master/pgpdump/packet.py
*
* @see http://tools.ietf.org/html/rfc4880#section-4.2
*/
static function parse(&$input) {
$packet = NULL;
if (strlen($input) > 0) {
$parser = ord($input[0]) & 64 ? 'parse_new_format' : 'parse_old_format';
$header_start0 = 0;
$consumed = 0;
$packet_data = "";
do {
list($tag, $data_offset, $data_length, $partial) = self::$parser($input, $header_start0);
$data_start0 = $header_start0 + $data_offset;
$header_start0 = $data_start0 + $data_length - 1;
$packet_data .= substr($input, $data_start0, $data_length);
$consumed += $data_offset + $data_length;
if ($partial) {
$consumed -= 1;
}
} while ($partial === true && $parser === 'parse_new_format');
if ($tag && ($class = self::class_for($tag))) {
$packet = new $class();
$packet->tag = $tag;
$packet->input = $packet_data;
$packet->length = strlen($packet_data);
$packet->read();
unset($packet->input);
unset($packet->length);
}
$input = substr($input, $consumed);
}
return $packet;
}
/**
* Parses a new-format (RFC 4880) OpenPGP packet.
*
* @see http://tools.ietf.org/html/rfc4880#section-4.2.2
*/
static function parse_new_format($input, $header_start = 0) {
$tag = ord($input[0]) & 63;
$len = ord($input[$header_start + 1]);
if($len < 192) { // One octet length
return array($tag, 2, $len, false);
}
if($len > 191 && $len < 224) { // Two octet length
return array($tag, 3, (($len - 192) << 8) + ord($input[$header_start + 2]) + 192, false);
}
if($len == 255) { // Five octet length
$unpacked = unpack('N', substr($input, $header_start + 2, 4));
return array($tag, 6, reset($unpacked), false);
}
// Partial body lengths
return array($tag, 2, 1 << ($len & 0x1f), true);
}
/**
* Parses an old-format (PGP 2.6.x) OpenPGP packet.
*
* @see http://tools.ietf.org/html/rfc4880#section-4.2.1
*/
static function parse_old_format($input) {
$len = ($tag = ord($input[0])) & 3;
$tag = ($tag >> 2) & 15;
switch ($len) {
case 0: // The packet has a one-octet length. The header is 2 octets long.
$head_length = 2;
$data_length = ord($input[1]);
break;
case 1: // The packet has a two-octet length. The header is 3 octets long.
$head_length = 3;
$data_length = unpack('n', substr($input, 1, 2));
$data_length = $data_length[1];
break;
case 2: // The packet has a four-octet length. The header is 5 octets long.
$head_length = 5;
$data_length = unpack('N', substr($input, 1, 4));
$data_length = $data_length[1];
break;
case 3: // The packet is of indeterminate length. The header is 1 octet long.
$head_length = 1;
$data_length = strlen($input) - $head_length;
break;
}
return array($tag, $head_length, $data_length, false);
}
function __construct($data=NULL) {
$this->tag = array_search(substr(substr(get_class($this), 8), 0, -6), self::$tags);
$this->data = $data;
}
function read() {
}
function body() {
return $this->data; // Will normally be overridden by subclasses
}
function header_and_body() {
$body = $this->body(); // Get body first, we will need it's length
$tag = chr($this->tag | 0xC0); // First two bits are 1 for new packet format
$size = chr(255).pack('N', strlen($body)); // Use 5-octet lengths
return array('header' => $tag.$size, 'body' => $body);
}
function to_bytes() {
$data = $this->header_and_body();
return $data['header'].$data['body'];
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-3.5
*/
function read_timestamp() {
return $this->read_unpacked(4, 'N');
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-3.2
*/
function read_mpi() {
$length = $this->read_unpacked(2, 'n'); // length in bits
$length = (int)floor(($length + 7) / 8); // length in bytes
return $this->read_bytes($length);
}
/**
* @see http://php.net/manual/en/function.unpack.php
*/
function read_unpacked($count, $format) {
$unpacked = unpack($format, $this->read_bytes($count));
return reset($unpacked);
}
function read_byte() {
return ($bytes = $this->read_bytes()) ? $bytes[0] : NULL;
}
function read_bytes($count = 1) {
$bytes = substr($this->input, 0, $count);
$this->input = substr($this->input, $count);
return $bytes;
}
static $tags = array(
1 => 'AsymmetricSessionKey', // Public-Key Encrypted Session Key
2 => 'Signature', // Signature Packet
3 => 'SymmetricSessionKey', // Symmetric-Key Encrypted Session Key Packet
4 => 'OnePassSignature', // One-Pass Signature Packet
5 => 'SecretKey', // Secret-Key Packet
6 => 'PublicKey', // Public-Key Packet
7 => 'SecretSubkey', // Secret-Subkey Packet
8 => 'CompressedData', // Compressed Data Packet
9 => 'EncryptedData', // Symmetrically Encrypted Data Packet
10 => 'Marker', // Marker Packet
11 => 'LiteralData', // Literal Data Packet
12 => 'Trust', // Trust Packet
13 => 'UserID', // User ID Packet
14 => 'PublicSubkey', // Public-Subkey Packet
17 => 'UserAttribute', // User Attribute Packet
18 => 'IntegrityProtectedData', // Sym. Encrypted and Integrity Protected Data Packet
19 => 'ModificationDetectionCode', // Modification Detection Code Packet
60 => 'Experimental', // Private or Experimental Values
61 => 'Experimental', // Private or Experimental Values
62 => 'Experimental', // Private or Experimental Values
63 => 'Experimental', // Private or Experimental Values
);
}
/**
* OpenPGP Public-Key Encrypted Session Key packet (tag 1).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.1
*/
class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet {
public $version, $keyid, $key_algorithm, $encrypted_data;
function __construct($key_algorithm='', $keyid='', $encrypted_data='', $version=3) {
parent::__construct();
$this->version = $version;
$this->keyid = substr($keyid, -16);
$this->key_algorithm = $key_algorithm;
$this->encrypted_data = $encrypted_data;
}
function read() {
switch($this->version = ord($this->read_byte())) {
case 3:
$rawkeyid = $this->read_bytes(8);
$this->keyid = '';
for($i = 0; $i < strlen($rawkeyid); $i++) { // Store KeyID in Hex
$this->keyid .= sprintf('%02X',ord($rawkeyid{$i}));
}
$this->key_algorithm = ord($this->read_byte());
$this->encrypted_data = $this->input;
break;
default:
throw new Exception("Unsupported AsymmetricSessionKeyPacket version: " . $this->version);
}
}
function body() {
$bytes = chr($this->version);
for($i = 0; $i < strlen($this->keyid); $i += 2) {
$bytes .= chr(hexdec($this->keyid{$i}.$this->keyid{$i+1}));
}
$bytes .= chr($this->key_algorithm);
$bytes .= $this->encrypted_data;
return $bytes;
}
}
/**
* OpenPGP Signature packet (tag 2).
* Be sure to NULL the trailer if you update a signature packet!
*
* @see http://tools.ietf.org/html/rfc4880#section-5.2
*/
class OpenPGP_SignaturePacket extends OpenPGP_Packet {
public $version, $signature_type, $hash_algorithm, $key_algorithm, $hashed_subpackets, $unhashed_subpackets, $hash_head;
public $trailer; // This is the literal bytes that get tacked on the end of the message when verifying the signature
function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) {
parent::__construct();
$this->version = 4; // Default to version 4 sigs
if(is_string($this->hash_algorithm = $hash_algorithm)) {
$this->hash_algorithm = array_search($this->hash_algorithm, self::$hash_algorithms);
}
if(is_string($this->key_algorithm = $key_algorithm)) {
$this->key_algorithm = array_search($this->key_algorithm, OpenPGP_PublicKeyPacket::$algorithms);
}
if($data) { // If we have any data, set up the creation time
$this->hashed_subpackets = array(new OpenPGP_SignaturePacket_SignatureCreationTimePacket(time()));
}
if($data instanceof OpenPGP_LiteralDataPacket) {
$this->signature_type = ($data->format == 'b') ? 0x00 : 0x01;
$data->normalize();
$data = $data->data;
} else if($data instanceof OpenPGP_Message && $data[0] instanceof OpenPGP_PublicKeyPacket) {
// $data is a message with PublicKey first, UserID second
$key = implode('', $data[0]->fingerprint_material());
$user_id = $data[1]->body();
$data = $key . chr(0xB4) . pack('N', strlen($user_id)) . $user_id;
}
$this->data = $data; // Store to-be-signed data in here until the signing happens
}
/**
* $this->data must be set to the data to sign (done by constructor)
* $signers in the same format as $verifiers for OpenPGP_Message.
*/
function sign_data($signers) {
$this->trailer = $this->calculate_trailer();
$signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()];
$this->data = call_user_func($signer, $this->data.$this->trailer);
$unpacked = unpack('n', substr(implode('',$this->data), 0, 2));
$this->hash_head = reset($unpacked);
}
function read() {
switch($this->version = ord($this->read_byte())) {
case 2:
case 3:
assert(ord($this->read_byte()) == 5);
$this->signature_type = ord($this->read_byte());
$creation_time = $this->read_timestamp();
$keyid = $this->read_bytes(8);
$keyidHex = '';
for($i = 0; $i < strlen($keyid); $i++) { // Store KeyID in Hex
$keyidHex .= sprintf('%02X',ord($keyid{$i}));
}
$this->hashed_subpackets = array();
$this->unhashed_subpackets = array(
new OpenPGP_SignaturePacket_SignatureCreationTimePacket($creation_time),
new OpenPGP_SignaturePacket_IssuerPacket($keyidHex)
);
$this->key_algorithm = ord($this->read_byte());
$this->hash_algorithm = ord($this->read_byte());
$this->hash_head = $this->read_unpacked(2, 'n');
$this->data = array();
while(strlen($this->input) > 0) {
$this->data[] = $this->read_mpi();
}
break;
case 4:
$this->signature_type = ord($this->read_byte());
$this->key_algorithm = ord($this->read_byte());
$this->hash_algorithm = ord($this->read_byte());
$this->trailer = chr(4).chr($this->signature_type).chr($this->key_algorithm).chr($this->hash_algorithm);
$hashed_size = $this->read_unpacked(2, 'n');
$hashed_subpackets = $this->read_bytes($hashed_size);
$this->trailer .= pack('n', $hashed_size).$hashed_subpackets;
$this->hashed_subpackets = self::get_subpackets($hashed_subpackets);
$this->trailer .= chr(4).chr(0xff).pack('N', 6 + $hashed_size);
$unhashed_size = $this->read_unpacked(2, 'n');
$this->unhashed_subpackets = self::get_subpackets($this->read_bytes($unhashed_size));
$this->hash_head = $this->read_unpacked(2, 'n');
$this->data = array();
while(strlen($this->input) > 0) {
$this->data[] = $this->read_mpi();
}
break;
}
}
function calculate_trailer() {
// The trailer is just the top of the body plus some crap
$body = $this->body_start();
return $body.chr(4).chr(0xff).pack('N', strlen($body));
}
function body_start() {
$body = chr(4).chr($this->signature_type).chr($this->key_algorithm).chr($this->hash_algorithm);
$hashed_subpackets = '';
foreach((array)$this->hashed_subpackets as $p) {
$hashed_subpackets .= $p->to_bytes();
}
$body .= pack('n', strlen($hashed_subpackets)).$hashed_subpackets;
return $body;
}
function body() {
switch($this->version) {
case 2:
case 3:
$body = chr($this->version) . chr(5) . chr($this->signature_type);
foreach((array)$this->unhashed_subpackets as $p) {
if($p instanceof OpenPGP_SignaturePacket_SignatureCreationTimePacket) {
$body .= pack('N', $p->data);
break;
}
}
foreach((array)$this->unhashed_subpackets as $p) {
if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) {
for($i = 0; $i < strlen($p->data); $i += 2) {
$body .= chr(hexdec($p->data{$i}.$p->data{$i+1}));
}
break;
}
}
$body .= chr($this->key_algorithm);
$body .= chr($this->hash_algorithm);
$body .= pack('n', $this->hash_head);
foreach($this->data as $mpi) {
$body .= pack('n', OpenPGP::bitlength($mpi)).$mpi;
}
return $body;
case 4:
if(!$this->trailer) $this->trailer = $this->calculate_trailer();
$body = substr($this->trailer, 0, -6);
$unhashed_subpackets = '';
foreach((array)$this->unhashed_subpackets as $p) {
$unhashed_subpackets .= $p->to_bytes();
}
$body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets;
$body .= pack('n', $this->hash_head);
foreach((array)$this->data as $mpi) {
$body .= pack('n', OpenPGP::bitlength($mpi)).$mpi;
}
return $body;
}
}
function key_algorithm_name() {
return OpenPGP_PublicKeyPacket::$algorithms[$this->key_algorithm];
}
function hash_algorithm_name() {
return self::$hash_algorithms[$this->hash_algorithm];
}
function issuer() {
foreach($this->hashed_subpackets as $p) {
if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) return $p->data;
}
foreach($this->unhashed_subpackets as $p) {
if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) return $p->data;
}
return NULL;
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-5.2.3.1
*/
static function get_subpackets($input) {
$subpackets = array();
while(($length = strlen($input)) > 0) {
$subpackets[] = self::get_subpacket($input);
if($length == strlen($input)) { // Parsing stuck?
break;
}
}
return $subpackets;
}
static function get_subpacket(&$input) {
$len = ord($input[0]);
$length_of_length = 1;
// if($len < 192) One octet length, no furthur processing
if($len > 190 && $len < 255) { // Two octet length
$length_of_length = 2;
$len = (($len - 192) << 8) + ord($input[1]) + 192;
}
if($len == 255) { // Five octet length
$length_of_length = 5;
$unpacked = unpack('N', substr($input, 1, 4));
$len = reset($unpacked);
}
$input = substr($input, $length_of_length); // Chop off length header
$tag = ord($input[0]);
$class = self::class_for($tag);
if($class) {
$packet = new $class();
$packet->tag = $tag;
$packet->input = substr($input, 1, $len-1);
$packet->length = $len-1;
$packet->read();
unset($packet->input);
unset($packet->length);
}
$input = substr($input, $len); // Chop off the data from this packet
return $packet;
}
static $hash_algorithms = array(
1 => 'MD5',
2 => 'SHA1',
3 => 'RIPEMD160',
8 => 'SHA256',
9 => 'SHA384',
10 => 'SHA512',
11 => 'SHA224'
);
static $subpacket_types = array(
//0 => 'Reserved',
//1 => 'Reserved',
2 => 'SignatureCreationTime',
3 => 'SignatureExpirationTime',
4 => 'ExportableCertification',
5 => 'TrustSignature',
6 => 'RegularExpression',
7 => 'Revocable',
//8 => 'Reserved',
9 => 'KeyExpirationTime',
//10 => 'Placeholder for backward compatibility',
11 => 'PreferredSymmetricAlgorithms',
12 => 'RevocationKey',
//13 => 'Reserved',
//14 => 'Reserved',
//15 => 'Reserved',
16 => 'Issuer',
//17 => 'Reserved',
//18 => 'Reserved',
//19 => 'Reserved',
20 => 'NotationData',
21 => 'PreferredHashAlgorithms',
22 => 'PreferredCompressionAlgorithms',
23 => 'KeyServerPreferences',
24 => 'PreferredKeyServer',
25 => 'PrimaryUserID',
26 => 'PolicyURI',
27 => 'KeyFlags',
28 => 'SignersUserID',
29 => 'ReasonforRevocation',
30 => 'Features',
31 => 'SignatureTarget',
32 => 'EmbeddedSignature',
);
static function class_for($tag) {
if(!isset(self::$subpacket_types[$tag])) return 'OpenPGP_SignaturePacket_Subpacket';
return 'OpenPGP_SignaturePacket_'.self::$subpacket_types[$tag].'Packet';
}
}
class OpenPGP_SignaturePacket_Subpacket extends OpenPGP_Packet {
function __construct($data=NULL) {
parent::__construct($data);
$this->tag = array_search(substr(substr(get_class($this), 8+16), 0, -6), OpenPGP_SignaturePacket::$subpacket_types);
}
function header_and_body() {
$body = $this->body(); // Get body first, we will need it's length
$size = chr(255).pack('N', strlen($body)+1); // Use 5-octet lengths + 1 for tag as first packet body octet
$tag = chr($this->tag);
return array('header' => $size.$tag, 'body' => $body);
}
/* Defaults for unsupported packets */
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-5.2.3.4
*/
class OpenPGP_SignaturePacket_SignatureCreationTimePacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->read_timestamp();
}
function body() {
return pack('N', $this->data);
}
}
class OpenPGP_SignaturePacket_SignatureExpirationTimePacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->read_timestamp();
}
function body() {
return pack('N', $this->data);
}
}
class OpenPGP_SignaturePacket_ExportableCertificationPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = (ord($this->input) != 0);
}
function body() {
return chr($this->data ? 1 : 0);
}
}
class OpenPGP_SignaturePacket_TrustSignaturePacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->depth = ord($this->input{0});
$this->trust = ord($this->input{1});
}
function body() {
return chr($this->depth) . chr($this->trust);
}
}
class OpenPGP_SignaturePacket_RegularExpressionPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = substr($this->input, 0, -1);
}
function body() {
return $this->data . chr(0);
}
}
class OpenPGP_SignaturePacket_RevocablePacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = (ord($this->input) != 0);
}
function body() {
return chr($this->data ? 1 : 0);
}
}
class OpenPGP_SignaturePacket_KeyExpirationTimePacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->read_timestamp();
}
function body() {
return pack('N', $this->data);
}
}
class OpenPGP_SignaturePacket_PreferredSymmetricAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = array();
while(strlen($this->input) > 0) {
$this->data[] = ord($this->read_byte());
}
}
function body() {
$bytes = '';
foreach($this->data as $algo) {
$bytes .= chr($algo);
}
return $bytes;
}
}
class OpenPGP_SignaturePacket_RevocationKeyPacket extends OpenPGP_SignaturePacket_Subpacket {
public $key_algorithm, $fingerprint, $sensitive;
function read() {
// bitfield must have bit 0x80 set, says the spec
$bitfield = ord($this->read_byte());
$this->sensitive = $bitfield & 0x40 == 0x40;
$this->key_algorithm = ord($this->read_byte());
$this->fingerprint = '';
while(strlen($this->input) > 0) {
$this->fingerprint .= sprintf('%02X',ord($this->read_byte()));
}
}
function body() {
$bytes = '';
$bytes .= chr(0x80 | ($this->sensitive ? 0x40 : 0x00));
$bytes .= chr($this->key_algorithm);
for($i = 0; $i < strlen($this->fingerprint); $i += 2) {
$bytes .= chr(hexdec($this->fingerprint{$i}.$this->fingerprint{$i+1}));
}
return $bytes;
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-5.2.3.5
*/
class OpenPGP_SignaturePacket_IssuerPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
for($i = 0; $i < 8; $i++) { // Store KeyID in Hex
$this->data .= sprintf('%02X',ord($this->read_byte()));
}
}
function body() {
$bytes = '';
for($i = 0; $i < strlen($this->data); $i += 2) {
$bytes .= chr(hexdec($this->data{$i}.$this->data{$i+1}));
}
return $bytes;
}
}
class OpenPGP_SignaturePacket_NotationDataPacket extends OpenPGP_SignaturePacket_Subpacket {
public $human_readable, $name;
function read() {
$flags = $this->read_bytes(4);
$namelen = $this->read_unpacked(2, 'n');
$datalen = $this->read_unpacked(2, 'n');
$this->human_readable = ord($flags[0]) & 0x80 == 0x80;
$this->name = $this->read_bytes($namelen);
$this->data = $this->read_bytes($datalen);
}
function body () {
return chr($this->human_readable ? 0x80 : 0x00) . "\0\0\0" .
pack('n', strlen($this->name)) . pack('n', strlen($this->data)) .
$this->name . $this->data;
}
}
class OpenPGP_SignaturePacket_PreferredHashAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = array();
while(strlen($this->input) > 0) {
$this->data[] = ord($this->read_byte());
}
}
function body() {
$bytes = '';
foreach($this->data as $algo) {
$bytes .= chr($algo);
}
return $bytes;
}
}
class OpenPGP_SignaturePacket_PreferredCompressionAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = array();
while(strlen($this->input) > 0) {
$this->data[] = ord($this->read_byte());
}
}
function body() {
$bytes = '';
foreach($this->data as $algo) {
$bytes .= chr($algo);
}
return $bytes;
}
}
class OpenPGP_SignaturePacket_KeyServerPreferencesPacket extends OpenPGP_SignaturePacket_Subpacket {
public $no_modify;
function read() {
$flags = ord($this->input);
$this->no_modify = $flags & 0x80 == 0x80;
}
function body() {
return chr($this->no_modify ? 0x80 : 0x00);
}
}
class OpenPGP_SignaturePacket_PreferredKeyServerPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
class OpenPGP_SignaturePacket_PrimaryUserIDPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = (ord($this->input) != 0);
}
function body() {
return chr($this->data ? 1 : 0);
}
}
class OpenPGP_SignaturePacket_PolicyURIPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
class OpenPGP_SignaturePacket_KeyFlagsPacket extends OpenPGP_SignaturePacket_Subpacket {
function __construct($flags=array()) {
parent::__construct();
$this->flags = $flags;
}
function read() {
$this->flags = array();
while($this->input) {
$this->flags[] = ord($this->read_byte());
}
}
function body() {
$bytes = '';
foreach($this->flags as $f) {
$bytes .= chr($f);
}
return $bytes;
}
}
class OpenPGP_SignaturePacket_SignersUserIDPacket extends OpenPGP_SignaturePacket_Subpacket {
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
class OpenPGP_SignaturePacket_ReasonforRevocationPacket extends OpenPGP_SignaturePacket_Subpacket {
public $code;
function read() {
$this->code = ord($this->read_byte());
$this->data = $this->input;
}
function body() {
return chr($this->code) . $this->data;
}
}
class OpenPGP_SignaturePacket_FeaturesPacket extends OpenPGP_SignaturePacket_KeyFlagsPacket {
// Identical functionality to parent
}
class OpenPGP_SignaturePacket_SignatureTargetPacket extends OpenPGP_SignaturePacket_Subpacket {
public $key_algorithm, $hash_algorithm;
function read() {
$this->key_algorithm = ord($this->read_byte());
$this->hash_algorithm = ord($this->read_byte());
$this->data = $this->input;
}
function body() {
return chr($this->key_algorithm) . chr($this->hash_algorithm) . $this->data;
}
}
class OpenPGP_SignaturePacket_EmbeddedSignaturePacket extends OpenPGP_SignaturePacket {
// TODO: This is duplicated from subpacket... improve?
function __construct($data=NULL) {
parent::__construct($data);
$this->tag = array_search(substr(substr(get_class($this), 8+16), 0, -6), OpenPGP_SignaturePacket::$subpacket_types);
}
function header_and_body() {
$body = $this->body(); // Get body first, we will need it's length
$size = chr(255).pack('N', strlen($body)+1); // Use 5-octet lengths + 1 for tag as first packet body octet
$tag = chr($this->tag);
return array('header' => $size.$tag, 'body' => $body);
}
}
/**
* OpenPGP Symmetric-Key Encrypted Session Key packet (tag 3).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.3
*/
class OpenPGP_SymmetricSessionKeyPacket extends OpenPGP_Packet {
public $version, $symmetric_algorithm, $s2k, $encrypted_data;
function __construct($s2k=NULL, $encrypted_data='', $symmetric_algorithm=9, $version=3) {
parent::__construct();
$this->version = $version;
$this->symmetric_algorithm = $symmetric_algorithm;
$this->s2k = $s2k;
$this->encrypted_data = $encrypted_data;
}
function read() {
$this->version = ord($this->read_byte());
$this->symmetric_algorithm = ord($this->read_byte());
$this->s2k = OpenPGP_S2k::parse($this->input);
$this->encrypted_data = $this->input;
}
function body() {
return chr($this->version) . chr($this->symmetric_algorithm) .
$this->s2k->to_bytes() . $this->encrypted_data;
}
}
/**
* OpenPGP One-Pass Signature packet (tag 4).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.4
*/
class OpenPGP_OnePassSignaturePacket extends OpenPGP_Packet {
public $version, $signature_type, $hash_algorithm, $key_algorithm, $key_id, $nested;
function read() {
$this->version = ord($this->read_byte());
$this->signature_type = ord($this->read_byte());
$this->hash_algorithm = ord($this->read_byte());
$this->key_algorithm = ord($this->read_byte());
for($i = 0; $i < 8; $i++) { // Store KeyID in Hex
$this->key_id .= sprintf('%02X',ord($this->read_byte()));
}
$this->nested = ord($this->read_byte());
}
function body() {
$body = chr($this->version).chr($this->signature_type).chr($this->hash_algorithm).chr($this->key_algorithm);
for($i = 0; $i < strlen($this->key_id); $i += 2) {
$body .= chr(hexdec($this->key_id{$i}.$this->key_id{$i+1}));
}
$body .= chr((int)$this->nested);
return $body;
}
}
/**
* OpenPGP Public-Key packet (tag 6).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.5.1.1
* @see http://tools.ietf.org/html/rfc4880#section-5.5.2
* @see http://tools.ietf.org/html/rfc4880#section-11.1
* @see http://tools.ietf.org/html/rfc4880#section-12
*/
class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
public $version, $timestamp, $algorithm;
public $key, $key_id, $fingerprint;
public $v3_days_of_validity;
function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) {
parent::__construct();
$this->key = $key;
if(is_string($this->algorithm = $algorithm)) {
$this->algorithm = array_search($this->algorithm, self::$algorithms);
}
$this->timestamp = $timestamp ? $timestamp : time();
$this->version = $version;
if(count($this->key) > 0) {
$this->key_id = substr($this->fingerprint(), -8);
}
}
// Find self signatures in a message, these often contain metadata about the key
function self_signatures($message) {
$sigs = array();
$keyid16 = strtoupper(substr($this->fingerprint, -16));
foreach($message as $p) {
if($p instanceof OpenPGP_SignaturePacket) {
if(strtoupper($p->issuer()) == $keyid16) {
$sigs[] = $p;
} else {
foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) {
if($s instanceof OpenPGP_SignaturePacket_EmbeddedSignaturePacket && strtoupper($s->issuer()) == $keyid16) {
$sigs[] = $p;
break;
}
}
}
} else if(count($sigs)) break; // After we've seen a self sig, the next non-sig stop all self-sigs
}
return $sigs;
}
// Find expiry time of this key based on the self signatures in a message
function expires($message) {
foreach($this->self_signatures($message) as $p) {
foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) {
if($s instanceof OpenPGP_SignaturePacket_KeyExpirationTimePacket) {
return $this->timestamp + $s->data;
}
}
}
return NULL; // Never expires
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-5.5.2
*/
function read() {
switch ($this->version = ord($this->read_byte())) {
case 3:
$this->timestamp = $this->read_timestamp();
$this->v3_days_of_validity = $this->read_unpacked(2, 'n');
$this->algorithm = ord($this->read_byte());
$this->read_key_material();
break;
case 4:
$this->timestamp = $this->read_timestamp();
$this->algorithm = ord($this->read_byte());
$this->read_key_material();
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-5.5.2
*/
function read_key_material() {
foreach (self::$key_fields[$this->algorithm] as $field) {
$this->key[$field] = $this->read_mpi();
}
$this->key_id = substr($this->fingerprint(), -8);
}
function fingerprint_material() {
switch ($this->version) {
case 3:
$material = array();
foreach (self::$key_fields[$this->algorithm] as $i) {
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
}
return $material;
case 4:
$head = array(
chr(0x99), NULL,
chr($this->version), pack('N', $this->timestamp),
chr($this->algorithm),
);
$material = array();
foreach (self::$key_fields[$this->algorithm] as $i) {
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
}
$material = implode('', $material);
$head[1] = pack('n', 6 + strlen($material));
$head[] = $material;
return $head;
}
}
/**
* @see http://tools.ietf.org/html/rfc4880#section-12.2
* @see http://tools.ietf.org/html/rfc4880#section-3.3
*/
function fingerprint() {
switch ($this->version) {
case 2:
case 3:
return $this->fingerprint = strtoupper(md5(implode('', $this->fingerprint_material())));
case 4:
return $this->fingerprint = strtoupper(sha1(implode('', $this->fingerprint_material())));
}
}
function body() {
switch ($this->version) {
case 2:
case 3:
return implode('', array_merge(array(
chr($this->version) . pack('N', $this->timestamp) .
pack('n', $this->v3_days_of_validity) . chr($this->algorithm)
), $this->fingerprint_material())
);
case 4:
return implode('', array_slice($this->fingerprint_material(), 2));
}
}
static $key_fields = array(
1 => array('n', 'e'), // RSA
16 => array('p', 'g', 'y'), // ELG-E
17 => array('p', 'q', 'g', 'y'), // DSA
);
static $algorithms = array(
1 => 'RSA',
2 => 'RSA',
3 => 'RSA',
16 => 'ELGAMAL',
17 => 'DSA',
18 => 'ECC',
19 => 'ECDSA',
21 => 'DH'
);
}
/**
* OpenPGP Public-Subkey packet (tag 14).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.5.1.2
* @see http://tools.ietf.org/html/rfc4880#section-5.5.2
* @see http://tools.ietf.org/html/rfc4880#section-11.1
* @see http://tools.ietf.org/html/rfc4880#section-12
*/
class OpenPGP_PublicSubkeyPacket extends OpenPGP_PublicKeyPacket {
// TODO
}
/**
* OpenPGP Secret-Key packet (tag 5).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.5.1.3
* @see http://tools.ietf.org/html/rfc4880#section-5.5.3
* @see http://tools.ietf.org/html/rfc4880#section-11.2
* @see http://tools.ietf.org/html/rfc4880#section-12
*/
class OpenPGP_SecretKeyPacket extends OpenPGP_PublicKeyPacket {
public $s2k_useage, $s2k, $symmetric_algorithm, $private_hash, $encrypted_data;
function read() {
parent::read(); // All the fields from PublicKey
$this->s2k_useage = ord($this->read_byte());
if($this->s2k_useage == 255 || $this->s2k_useage == 254) {
$this->symmetric_algorithm = ord($this->read_byte());
$this->s2k = OpenPGP_S2k::parse($this->input);
} else if($this->s2k_useage > 0) {
$this->symmetric_algorithm = $this->s2k_useage;
}
if($this->s2k_useage > 0) {
$this->encrypted_data = $this->input; // Rest of input is MPIs and checksum (encrypted)
} else {
$this->key_from_input();
$this->private_hash = $this->read_bytes(2); // TODO: Validate checksum?
}
}
static $secret_key_fields = array(
1 => array('d', 'p', 'q', 'u'), // RSA
2 => array('d', 'p', 'q', 'u'), // RSA-E
3 => array('d', 'p', 'q', 'u'), // RSA-S
16 => array('x'), // ELG-E
17 => array('x'), // DSA
);
function key_from_input() {
foreach(self::$secret_key_fields[$this->algorithm] as $field) {
$this->key[$field] = $this->read_mpi();
}
}
function body() {
$bytes = parent::body() . chr($this->s2k_useage);
$secret_material = NULL;
if($this->s2k_useage == 255 || $this->s2k_useage == 254) {
$bytes .= chr($this->symmetric_algorithm);
$bytes .= $this->s2k->to_bytes();
}
if($this->s2k_useage > 0) {
$bytes .= $this->encrypted_data;
} else {
$secret_material = '';
foreach(self::$secret_key_fields[$this->algorithm] as $f) {
$f = $this->key[$f];
$secret_material .= pack('n', OpenPGP::bitlength($f));
$secret_material .= $f;
}
$bytes .= $secret_material;
// 2-octet checksum
$chk = 0;
for($i = 0; $i < strlen($secret_material); $i++) {
$chk = ($chk + ord($secret_material[$i])) % 65536;
}
$bytes .= pack('n', $chk);
}
return $bytes;
}
}
/**
* OpenPGP Secret-Subkey packet (tag 7).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.5.1.4
* @see http://tools.ietf.org/html/rfc4880#section-5.5.3
* @see http://tools.ietf.org/html/rfc4880#section-11.2
* @see http://tools.ietf.org/html/rfc4880#section-12
*/
class OpenPGP_SecretSubkeyPacket extends OpenPGP_SecretKeyPacket {
// TODO
}
/**
* OpenPGP Compressed Data packet (tag 8).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.6
*/
class OpenPGP_CompressedDataPacket extends OpenPGP_Packet implements IteratorAggregate, ArrayAccess {
public $algorithm;
/* see http://tools.ietf.org/html/rfc4880#section-9.3 */
static $algorithms = array(0 => 'Uncompressed', 1 => 'ZIP', 2 => 'ZLIB', 3 => 'BZip2');
function read() {
$this->algorithm = ord($this->read_byte());
$this->data = $this->read_bytes($this->length);
switch($this->algorithm) {
case 0:
$this->data = OpenPGP_Message::parse($this->data);
break;
case 1:
$this->data = OpenPGP_Message::parse(gzinflate($this->data));
break;
case 2:
$this->data = OpenPGP_Message::parse(gzuncompress($this->data));
break;
case 3:
$this->data = OpenPGP_Message::parse(bzdecompress($this->data));
break;
default:
/* TODO error? */
}
}
function body() {
$body = chr($this->algorithm);
switch($this->algorithm) {
case 0:
$body .= $this->data->to_bytes();
break;
case 1:
$body .= gzdeflate($this->data->to_bytes());
break;
case 2:
$body .= gzcompress($this->data->to_bytes());
break;
case 3:
$body .= bzcompress($this->data->to_bytes());
break;
default:
/* TODO error? */
}
return $body;
}
// IteratorAggregate interface
function getIterator() {
return new ArrayIterator($this->data->packets);
}
// ArrayAccess interface
function offsetExists($offset) {
return isset($this->data[$offset]);
}
function offsetGet($offset) {
return $this->data[$offset];
}
function offsetSet($offset, $value) {
return is_null($offset) ? $this->data[] = $value : $this->data[$offset] = $value;
}
function offsetUnset($offset) {
unset($this->data[$offset]);
}
}
/**
* OpenPGP Symmetrically Encrypted Data packet (tag 9).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.7
*/
class OpenPGP_EncryptedDataPacket extends OpenPGP_Packet {
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
/**
* OpenPGP Marker packet (tag 10).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.8
*/
class OpenPGP_MarkerPacket extends OpenPGP_Packet {
// TODO
}
/**
* OpenPGP Literal Data packet (tag 11).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.9
*/
class OpenPGP_LiteralDataPacket extends OpenPGP_Packet {
public $format, $filename, $timestamp;
function __construct($data=NULL, $opt=array()) {
parent::__construct();
$this->data = $data;
$this->format = isset($opt['format']) ? $opt['format'] : 'b';
$this->filename = isset($opt['filename']) ? $opt['filename'] : 'data';
$this->timestamp = isset($opt['timestamp']) ? $opt['timestamp'] : time();
}
function normalize() {
if($this->format == 'u' || $this->format == 't') { // Normalize line endings
$this->data = str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", $this->data)));
}
}
function read() {
$this->size = $this->length - 1 - 4;
$this->format = $this->read_byte();
$filename_length = ord($this->read_byte());
$this->size -= $filename_length;
$this->filename = $this->read_bytes($filename_length);
$this->timestamp = $this->read_timestamp();
$this->data = $this->read_bytes($this->size);
}
function body() {
return $this->format.chr(strlen($this->filename)).$this->filename.pack('N', $this->timestamp).$this->data;
}
}
/**
* OpenPGP Trust packet (tag 12).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.10
*/
class OpenPGP_TrustPacket extends OpenPGP_Packet {
function read() {
$this->data = $this->input;
}
function body() {
return $this->data;
}
}
/**
* OpenPGP User ID packet (tag 13).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.11
* @see http://tools.ietf.org/html/rfc2822
*/
class OpenPGP_UserIDPacket extends OpenPGP_Packet {
public $name, $comment, $email;
function __construct($name='', $comment='', $email='') {
parent::__construct();
if(!$comment && !$email) {
$this->input = $name;
$this->read();
} else {
$this->name = $name;
$this->comment = $comment;
$this->email = $email;
}
}
function read() {
$this->data = $this->input;
// User IDs of the form: "name (comment) <email>"
if (preg_match('/^([^\(]+)\(([^\)]+)\)\s+<([^>]+)>$/', $this->data, $matches)) {
$this->name = trim($matches[1]);
$this->comment = trim($matches[2]);
$this->email = trim($matches[3]);
}
// User IDs of the form: "name <email>"
else if (preg_match('/^([^<]+)\s+<([^>]+)>$/', $this->data, $matches)) {
$this->name = trim($matches[1]);
$this->comment = NULL;
$this->email = trim($matches[2]);
}
// User IDs of the form: "name"
else if (preg_match('/^([^<]+)$/', $this->data, $matches)) {
$this->name = trim($matches[1]);
$this->comment = NULL;
$this->email = NULL;
}
// User IDs of the form: "<email>"
else if (preg_match('/^<([^>]+)>$/', $this->data, $matches)) {
$this->name = NULL;
$this->comment = NULL;
$this->email = trim($matches[2]);
}
}
function __toString() {
$text = array();
if ($this->name) { $text[] = $this->name; }
if ($this->comment) { $text[] = "({$this->comment})"; }
if ($this->email) { $text[] = "<{$this->email}>"; }
return implode(' ', $text);
}
function body() {
return ''.$this; // Convert to string is the body
}
}
/**
* OpenPGP User Attribute packet (tag 17).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.12
* @see http://tools.ietf.org/html/rfc4880#section-11.1
*/
class OpenPGP_UserAttributePacket extends OpenPGP_Packet {
public $packets;
// TODO
}
/**
* OpenPGP Sym. Encrypted Integrity Protected Data packet (tag 18).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.13
*/
class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket {
public $version;
function __construct($data='', $version=1) {
parent::__construct();
$this->version = $version;
$this->data = $data;
}
function read() {
$this->version = ord($this->read_byte());
$this->data = $this->input;
}
function body() {
return chr($this->version) . $this->data;
}
}
/**
* OpenPGP Modification Detection Code packet (tag 19).
*
* @see http://tools.ietf.org/html/rfc4880#section-5.14
*/
class OpenPGP_ModificationDetectionCodePacket extends OpenPGP_Packet {
function __construct($sha1='') {
parent::__construct();
$this->data = $sha1;
}
function read() {
$this->data = $this->input;
if(strlen($this->input) != 20) throw new Exception("Bad ModificationDetectionCodePacket");
}
function header_and_body() {
$body = $this->body(); // Get body first, we will need it's length
if(strlen($body) != 20) throw new Exception("Bad ModificationDetectionCodePacket");
return array('header' => "\xD3\x14", 'body' => $body);
}
function body() {
return $this->data;
}
}
/**
* OpenPGP Private or Experimental packet (tags 60..63).
*
* @see http://tools.ietf.org/html/rfc4880#section-4.3
*/
class OpenPGP_ExperimentalPacket extends OpenPGP_Packet {}

261
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_rsa.php vendored Normal file
View file

@ -0,0 +1,261 @@
<?php
// This is free and unencumbered software released into the public domain.
/**
* OpenPGP_Crypt_RSA.php is a wrapper for using the classes from OpenPGP.php with Crypt_RSA
*
* @package OpenPGP
*/
// From http://phpseclib.sourceforge.net/
require_once 'Crypt/RSA.php';
require_once dirname(__FILE__).'/openpgp.php';
@include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */
class OpenPGP_Crypt_RSA {
protected $key, $message;
// Construct a wrapper object from a key or a message packet
function __construct($packet) {
if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet);
if($packet instanceof OpenPGP_PublicKeyPacket || $packet[0] instanceof OpenPGP_PublicKeyPacket) { // If it's a key (other keys are subclasses of this one)
$this->key = $packet;
} else {
$this->message = $packet;
}
}
function key($keyid=NULL) {
if(!$this->key) return NULL; // No key
if($this->key instanceof OpenPGP_Message) {
foreach($this->key as $p) {
if($p instanceof OpenPGP_PublicKeyPacket) {
if(!$keyid || strtoupper(substr($p->fingerprint, strlen($keyid)*-1)) == strtoupper($keyid)) return $p;
}
}
}
return $this->key;
}
// Get Crypt_RSA for the public key
function public_key($keyid=NULL) {
return self::convert_public_key($this->key($keyid));
}
// Get Crypt_RSA for the private key
function private_key($keyid=NULL) {
return self::convert_private_key($this->key($keyid));
}
// Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with
// Second optional parameter to specify which signature to verify (if there is more than one)
function verify($packet) {
$self = $this; // For old PHP
if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet);
if(!$this->message) {
$m = $packet;
$verifier = function($m, $s) use($self) {
$key = $self->public_key($s->issuer());
if(!$key) return false;
$key->setHash(strtolower($s->hash_algorithm_name()));
return $key->verify($m, reset($s->data));
};
} else {
if(!($packet instanceof Crypt_RSA)) {
$packet = new self($packet);
}
$m = $this->message;
$verifier = function($m, $s) use($self, $packet) {
if(!($packet instanceof Crypt_RSA)) {
$key = $packet->public_key($s->issuer());
}
if(!$key) return false;
$key->setHash(strtolower($s->hash_algorithm_name()));
return $key->verify($m, reset($s->data));
};
}
return $m->verified_signatures(array('RSA' => array(
'MD5' => $verifier,
'SHA1' => $verifier,
'SHA224' => $verifier,
'SHA256' => $verifier,
'SHA384' => $verifier,
'SHA512' => $verifier
)));
}
// Pass a message to sign with this key, or a secret key to sign this message with
// Second parameter is hash algorithm to use (default SHA256)
// Third parameter is the 16-digit key ID to use... defaults to the key id in the key packet
function sign($packet, $hash='SHA256', $keyid=NULL) {
if(!is_object($packet)) {
if($this->key) {
$packet = new OpenPGP_LiteralDataPacket($packet);
} else {
$packet = OpenPGP_Message::parse($packet);
}
}
if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA
|| ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) {
$key = $packet;
$message = $this->message;
} else {
$key = $this->key;
$message = $packet;
}
if(!$key || !$message) return NULL; // Missing some data
if($message instanceof OpenPGP_Message) {
$sign = $message->signatures();
$message = $sign[0][0];
}
if(!($key instanceof Crypt_RSA)) {
$key = new self($key);
if(!$keyid) $keyid = substr($key->key()->fingerprint, -16, 16);
$key = $key->private_key($keyid);
}
$key->setHash(strtolower($hash));
$sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash));
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
$sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));})));
return new OpenPGP_Message(array($sig, $message));
}
/** Pass a message with a key and userid packet to sign */
// TODO: merge this with the normal sign function
function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) {
if(is_array($packet)) {
$packet = new OpenPGP_Message($packet);
} else if(!is_object($packet)) {
$packet = OpenPGP_Message::parse($packet);
}
$key = $this->private_key($keyid);
if(!$key || !$packet) return NULL; // Missing some data
if(!$keyid) $keyid = substr($this->key->fingerprint, -16);
$key->setHash(strtolower($hash));
$sig = NULL;
foreach($packet as $p) {
if($p instanceof OpenPGP_SignaturePacket) $sig = $p;
}
if(!$sig) {
$sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash));
$sig->signature_type = 0x13;
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01, 0x02));
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
$packet[] = $sig;
}
$sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));})));
return $packet;
}
function decrypt($packet) {
if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet);
if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA
|| ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) {
$keys = $packet;
$message = $this->message;
} else {
$keys = $this->key;
$message = $packet;
}
if(!$keys || !$message) return NULL; // Missing some data
if(!($keys instanceof Crypt_RSA)) {
$keys = new self($keys);
}
foreach($message as $p) {
if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) {
if($keys instanceof Crypt_RSA) {
$sk = self::try_decrypt_session($keys, substr($p->encrypted_data, 2));
} else if(strlen(str_replace('0', '', $p->keyid)) < 1) {
foreach($keys->key as $k) {
$sk = self::try_decrypt_session(self::convert_private_key($k), substr($p->encrypted_data, 2));
if($sk) break;
}
} else {
$key = $keys->private_key($p->keyid);
$sk = self::try_decrypt_session($key, substr($p->encrypted_data, 2));
}
if(!$sk) continue;
$r = OpenPGP_Crypt_Symmetric::decryptPacket(OpenPGP_Crypt_Symmetric::getEncryptedData($message), $sk[0], $sk[1]);
if($r) return $r;
}
}
return NULL; /* Failed */
}
static function try_decrypt_session($key, $edata) {
$key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$data = $key->decrypt($edata);
$sk = substr($data, 1, strlen($data)-3);
$chk = unpack('n', substr($data, -2));
$chk = reset($chk);
$sk_chk = 0;
for($i = 0; $i < strlen($sk); $i++) {
$sk_chk = ($sk_chk + ord($sk{$i})) % 65536;
}
if($sk_chk != $chk) return NULL;
return array(ord($data{0}), $sk);
}
static function crypt_rsa_key($mod, $exp, $hash='SHA256') {
$rsa = new Crypt_RSA();
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash(strtolower($hash));
$rsa->modulus = new Math_BigInteger($mod, 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger($exp, 256);
$rsa->setPublicKey();
return $rsa;
}
static function convert_key($packet, $private=false) {
if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet);
if($packet instanceof OpenPGP_Message) $packet = $packet[0];
$mod = $packet->key['n'];
$exp = $packet->key['e'];
if($private) $exp = $packet->key['d'];
if(!$exp) return NULL; // Packet doesn't have needed data
$rsa = self::crypt_rsa_key($mod, $exp);
if($private) {
if($packet->key['p'] && $packet->key['q']) $rsa->primes = array($packet->key['p'], $packet->key['q']);
if($packet->key['u']) $rsa->coefficients = array($packet->key['u']);
}
return $rsa;
}
static function convert_public_key($packet) {
return self::convert_key($packet, false);
}
static function convert_private_key($packet) {
return self::convert_key($packet, true);
}
}
?>

196
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_symmetric.php vendored Normal file
View file

@ -0,0 +1,196 @@
<?php
require_once dirname(__FILE__).'/openpgp.php';
@include_once dirname(__FILE__).'/openpgp_crypt_rsa.php';
@include_once dirname(__FILE__).'/openpgp_mcrypt_wrapper.php';
@include_once 'Crypt/AES.php';
@include_once 'Crypt/TripleDES.php';
require_once 'Crypt/Random.php'; // part of phpseclib is absolutely required
class OpenPGP_Crypt_Symmetric {
public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) {
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm);
if(!$cipher) throw new Exception("Unsupported cipher");
$prefix = crypt_random_string($key_block_bytes);
$prefix .= substr($prefix, -2);
$key = crypt_random_string($key_bytes);
$cipher->setKey($key);
$to_encrypt = $prefix . $message->to_bytes();
$mdc = new OpenPGP_ModificationDetectionCodePacket(hash('sha1', $to_encrypt . "\xD3\x14", true));
$to_encrypt .= $mdc->to_bytes();
$encrypted = array(new OpenPGP_IntegrityProtectedDataPacket($cipher->encrypt($to_encrypt)));
if(!is_array($passphrases_and_keys) && !($passphrases_and_keys instanceof IteratorAggregate)) {
$passphrases_and_keys = (array)$passphrases_and_keys;
}
foreach($passphrases_and_keys as $pass) {
if($pass instanceof OpenPGP_PublicKeyPacket) {
if(!in_array($pass->algorithm, array(1,2,3))) throw new Exception("Only RSA keys are supported.");
$crypt_rsa = new OpenPGP_Crypt_RSA($pass);
$rsa = $crypt_rsa->public_key();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$esk = $rsa->encrypt(chr($symmetric_algorithm) . $key . pack('n', self::checksum($key)));
$esk = pack('n', OpenPGP::bitlength($esk)) . $esk;
array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk));
} else if(is_string($pass)) {
$s2k = new OpenPGP_S2K(crypt_random_string(10));
$cipher->setKey($s2k->make_key($pass, $key_bytes));
$esk = $cipher->encrypt(chr($symmetric_algorithm) . $key);
array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm));
}
}
return new OpenPGP_Message($encrypted);
}
public static function decryptSymmetric($pass, $m) {
$epacket = self::getEncryptedData($m);
foreach($m as $p) {
if($p instanceof OpenPGP_SymmetricSessionKeyPacket) {
if(strlen($p->encrypted_data) > 0) {
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm);
if(!$cipher) continue;
$cipher->setKey($p->s2k->make_key($pass, $key_bytes));
$padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes);
$data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data));
$decrypted = self::decryptPacket($epacket, ord($data{0}), substr($data, 1));
} else {
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm);
$decrypted = self::decryptPacket($epacket, $p->symmetric_algorithm, $p->s2k->make_key($pass, $key_bytes));
}
if($decrypted) return $decrypted;
}
}
return NULL; /* If we get here, we failed */
}
public static function decryptSecretKey($pass, $packet) {
$packet = clone $packet; // Do not mutate orinigal
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($packet->symmetric_algorithm);
if(!$cipher) throw new Exception("Unsupported cipher");
$cipher->setKey($packet->s2k->make_key($pass, $key_bytes));
$cipher->setIV(substr($packet->encrypted_data, 0, $key_block_bytes));
$material = $cipher->decrypt(substr($packet->encrypted_data, $key_block_bytes));
if($packet->s2k_useage == 254) {
$chk = substr($material, -20);
$material = substr($material, 0, -20);
if($chk != hash('sha1', $material, true)) return NULL;
} else {
$chk = unpack('n', substr($material, -2));
$chk = reset($chk);
$material = substr($material, 0, -2);
$mkChk = self::checksum($material);
if($chk != $mkChk) return NULL;
}
$packet->s2k_useage = 0;
$packet->symmetric_algorithm = 0;
$packet->encrypted_data = NULL;
$packet->input = $material;
$packet->key_from_input();
unset($packet->input);
return $packet;
}
public static function decryptPacket($epacket, $symmetric_algorithm, $key) {
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm);
if(!$cipher) return NULL;
$cipher->setKey($key);
if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) {
$padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes);
$data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data));
$prefix = substr($data, 0, $key_block_bytes + 2);
$mdc = substr(substr($data, -22, 22), 2);
$data = substr($data, $key_block_bytes + 2, -22);
$mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true);
if($mkMDC !== $mdc) return false;
try {
$msg = OpenPGP_Message::parse($data);
} catch (Exception $ex) { $msg = NULL; }
if($msg) return $msg; /* Otherwise keep trying */
} else {
// No MDC mean decrypt with resync
$iv = substr($epacket->data, 2, $key_block_bytes);
$edata = substr($epacket->data, $key_block_bytes + 2);
$padAmount = $key_block_bytes - (strlen($edata) % $key_block_bytes);
$cipher->setIV($iv);
$data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata));
try {
$msg = OpenPGP_Message::parse($data);
} catch (Exception $ex) { $msg = NULL; }
if($msg) return $msg; /* Otherwise keep trying */
}
return NULL; /* Failed */
}
public static function getCipher($algo) {
$cipher = NULL;
switch($algo) {
case 2:
if(class_exists('Crypt_TripleDES')) {
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
$key_bytes = 24;
$key_block_bytes = 8;
}
break;
case 3:
if(defined('MCRYPT_CAST_128')) {
$cipher = new MCryptWrapper(MCRYPT_CAST_128);
}
break;
case 7:
if(class_exists('Crypt_AES')) {
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(128);
}
break;
case 8:
if(class_exists('Crypt_AES')) {
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(192);
}
break;
case 9:
if(class_exists('Crypt_AES')) {
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(256);
}
break;
}
if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
return array($cipher, $key_bytes, $key_block_bytes);
}
public static function getEncryptedData($m) {
foreach($m as $p) {
if($p instanceof OpenPGP_EncryptedDataPacket) return $p;
}
throw new Exception("Can only decrypt EncryptedDataPacket");
}
public static function checksum($s) {
$mkChk = 0;
for($i = 0; $i < strlen($s); $i++) {
$mkChk = ($mkChk + ord($s{$i})) % 65536;
}
return $mkChk;
}
}

31
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_mcrypt_wrapper.php vendored Normal file
View file

@ -0,0 +1,31 @@
<?php
if(function_exists('mcrypt_encrypt') && defined('MCRYPT_MODE_CFB')) {
class MCryptWrapper {
public $cipher, $key, $iv, $key_size, $block_size;
function __construct($cipher) {
$this->cipher = $cipher;
$this->key_size = mcrypt_module_get_algo_key_size($cipher);
$this->block_size = mcrypt_module_get_algo_block_size($cipher);
$this->iv = str_repeat("\0", mcrypt_get_iv_size($cipher, 'ncfb'));
}
function setKey($key) {
$this->key = $key;
}
function setIV($iv) {
$this->iv = $iv;
}
function encrypt($data) {
return mcrypt_encrypt($this->cipher, $this->key, $data, 'ncfb', $this->iv);
}
function decrypt($data) {
return mcrypt_decrypt($this->cipher, $this->key, $data, 'ncfb', $this->iv);
}
}
}