Rev 30 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 30 | Rev 31 | ||
|---|---|---|---|
| Line 1... | Line 1... | ||
| 1 | <?php |
1 | <?php |
| 2 | 2 | ||
| 3 | /* |
3 | /* |
| 4 | * OpenSSL php functions implemented using phpseclib |
4 | * OpenSSL php functions implemented using phpseclib |
| 5 | * Copyright 2022 Daniel Marschall, ViaThinkSoft |
5 | * Copyright 2022 Daniel Marschall, ViaThinkSoft |
| 6 | * Version 2022-04-09 |
6 | * Version 2022-04-10 |
| 7 | * |
7 | * |
| 8 | * Licensed under the Apache License, Version 2.0 (the "License"); |
8 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 9 | * you may not use this file except in compliance with the License. |
9 | * you may not use this file except in compliance with the License. |
| 10 | * You may obtain a copy of the License at |
10 | * You may obtain a copy of the License at |
| 11 | * |
11 | * |
| Line 50... | Line 50... | ||
| 50 | function openssl_pkey_new($pkey_config=null) { |
50 | function openssl_pkey_new($pkey_config=null) { |
| 51 | try { |
51 | try { |
| 52 | $algo = $pkey_config && isset($pkey_config["private_key_type"]) ? $pkey_config["private_key_type"] : OPENSSL_KEYTYPE_RSA; |
52 | $algo = $pkey_config && isset($pkey_config["private_key_type"]) ? $pkey_config["private_key_type"] : OPENSSL_KEYTYPE_RSA; |
| 53 | $bits = $pkey_config && isset($pkey_config["private_key_bits"]) ? $pkey_config["private_key_bits"] : 2048; |
53 | $bits = $pkey_config && isset($pkey_config["private_key_bits"]) ? $pkey_config["private_key_bits"] : 2048; |
| 54 | 54 | ||
| - | 55 | // TODO: Also support $pkey_config['encrypt_key'] and $pkey_config['encrypt_key_cipher'] ? |
|
| - | 56 | ||
| 55 | if ($algo == OPENSSL_KEYTYPE_RSA) { |
57 | if ($algo == OPENSSL_KEYTYPE_RSA) { |
| 56 | $private = \phpseclib3\Crypt\RSA::createKey($bits); |
58 | $private = \phpseclib3\Crypt\RSA::createKey($bits); |
| 57 | } else { |
59 | } else { |
| 58 | throw new Exception("Algo not implemented"); |
60 | throw new Exception("Algo not implemented"); |
| 59 | } |
61 | } |
| Line 70... | Line 72... | ||
| 70 | } |
72 | } |
| 71 | } |
73 | } |
| 72 | 74 | ||
| 73 | function openssl_pkey_export($res, &$privKey, $passphrase = null, $options = null) { |
75 | function openssl_pkey_export($res, &$privKey, $passphrase = null, $options = null) { |
| 74 | try { |
76 | try { |
| 75 | if (!is_null($passphrase)) throw new Exception("passphrase not implemented"); |
77 | if ($res instanceof \phpseclib3\Crypt\Common\PrivateKey /*\phpseclib3\Crypt\RSA\PrivateKey*/ ) { |
| - | 78 | $privKey = $res; |
|
| - | 79 | if (!is_null($passphrase)) { |
|
| - | 80 | $privKey = $res->withPassword($passphrase); |
|
| - | 81 | } |
|
| - | 82 | $privKey = $privKey.""; |
|
| - | 83 | return true; |
|
| - | 84 | } else if (is_string($res)) { |
|
| - | 85 | $privKey = $res; |
|
| - | 86 | if (!is_null($passphrase)) { |
|
| 76 | //if (!is_null($options)) throw new Exception("options not implemented"); |
87 | $privKey = \phpseclib3\Crypt\RSA::load($privKey); |
| - | 88 | $privKey = $res->withPassword($passphrase); |
|
| - | 89 | $privKey = $privKey.""; |
|
| - | 90 | } |
|
| - | 91 | return true; |
|
| - | 92 | } else if (is_array($res)) { |
|
| 77 | $privKey = $res[2].""; |
93 | $privKey = $res[2].""; |
| - | 94 | if (!is_null($passphrase)) { |
|
| - | 95 | $privKey = \phpseclib3\Crypt\RSA::load($privKey); |
|
| - | 96 | $privKey = $res->withPassword($passphrase); |
|
| - | 97 | $privKey = $privKey.""; |
|
| - | 98 | } |
|
| 78 | return true; |
99 | return true; |
| - | 100 | } else { |
|
| - | 101 | throw new Exception("Invalid input datatype"); |
|
| - | 102 | } |
|
| 79 | } catch (Exception $e) { |
103 | } catch (Exception $e) { |
| 80 | global $openssl_supplement_last_error; |
104 | global $openssl_supplement_last_error; |
| 81 | $openssl_supplement_last_error = $e->getMessage(); |
105 | $openssl_supplement_last_error = $e->getMessage(); |
| 82 | return false; |
106 | return false; |
| 83 | } |
107 | } |
| Line 92... | Line 116... | ||
| 92 | } |
116 | } |
| 93 | 117 | ||
| 94 | function openssl_public_encrypt($data, &$encrypted, $pubKey) { |
118 | function openssl_public_encrypt($data, &$encrypted, $pubKey) { |
| 95 | try { |
119 | try { |
| 96 | if (is_string($pubKey)) $pubKey = openssl_pkey_get_public($pubKey); |
120 | if (is_string($pubKey)) $pubKey = openssl_pkey_get_public($pubKey); |
| - | 121 | if (!is_object($pubKey) || !method_exists($pubKey,'encrypt')) |
|
| - | 122 | throw new Exception("Invalid input datatype"); |
|
| 97 | $encrypted = $pubKey->encrypt($data); |
123 | $encrypted = $pubKey->encrypt($data); |
| 98 | return true; |
124 | return true; |
| 99 | } catch (Exception $e) { |
125 | } catch (Exception $e) { |
| 100 | global $openssl_supplement_last_error; |
126 | global $openssl_supplement_last_error; |
| 101 | $openssl_supplement_last_error = $e->getMessage(); |
127 | $openssl_supplement_last_error = $e->getMessage(); |
| Line 104... | Line 130... | ||
| 104 | } |
130 | } |
| 105 | 131 | ||
| 106 | function openssl_private_decrypt($encrypted, &$decrypted, $privKey) { |
132 | function openssl_private_decrypt($encrypted, &$decrypted, $privKey) { |
| 107 | try { |
133 | try { |
| 108 | if (is_string($privKey)) $privKey = openssl_pkey_get_private($privKey); |
134 | if (is_string($privKey)) $privKey = openssl_pkey_get_private($privKey); |
| - | 135 | if (!is_object($privKey) || !method_exists($privKey,'decrypt')) |
|
| - | 136 | throw new Exception("Invalid input datatype"); |
|
| 109 | $decrypted = $privKey->decrypt($encrypted); |
137 | $decrypted = $privKey->decrypt($encrypted); |
| 110 | return true; |
138 | return true; |
| 111 | } catch (Exception $e) { |
139 | } catch (Exception $e) { |
| 112 | global $openssl_supplement_last_error; |
140 | global $openssl_supplement_last_error; |
| 113 | $openssl_supplement_last_error = $e->getMessage(); |
141 | $openssl_supplement_last_error = $e->getMessage(); |
| Line 124... | Line 152... | ||
| 124 | if ($algorithm == OPENSSL_ALGO_SHA512) $algorithm = 'SHA512'; |
152 | if ($algorithm == OPENSSL_ALGO_SHA512) $algorithm = 'SHA512'; |
| 125 | if ($algorithm == OPENSSL_ALGO_RMD160) $algorithm = 'RMD160'; |
153 | if ($algorithm == OPENSSL_ALGO_RMD160) $algorithm = 'RMD160'; |
| 126 | if ($algorithm == OPENSSL_ALGO_MD5) $algorithm = 'MD5'; |
154 | if ($algorithm == OPENSSL_ALGO_MD5) $algorithm = 'MD5'; |
| 127 | if ($algorithm == OPENSSL_ALGO_MD4) $algorithm = 'MD4'; |
155 | if ($algorithm == OPENSSL_ALGO_MD4) $algorithm = 'MD4'; |
| 128 | if (is_string($public)) $public = openssl_pkey_get_public($public); |
156 | if (is_string($public)) $public = openssl_pkey_get_public($public); |
| - | 157 | if (!is_object($public) || !method_exists($public,'verify')) |
|
| - | 158 | throw new Exception("Invalid input datatype"); |
|
| 129 | return $public->withHash($algorithm)->verify($msg, $signature) ? 1 : 0; |
159 | return $public->withHash($algorithm)->verify($msg, $signature) ? 1 : 0; |
| 130 | } catch (Exception $e) { |
160 | } catch (Exception $e) { |
| 131 | global $openssl_supplement_last_error; |
161 | global $openssl_supplement_last_error; |
| 132 | $openssl_supplement_last_error = $e->getMessage(); |
162 | $openssl_supplement_last_error = $e->getMessage(); |
| 133 | return false; |
163 | return false; |
| Line 143... | Line 173... | ||
| 143 | if ($algorithm == OPENSSL_ALGO_SHA512) $algorithm = 'SHA512'; |
173 | if ($algorithm == OPENSSL_ALGO_SHA512) $algorithm = 'SHA512'; |
| 144 | if ($algorithm == OPENSSL_ALGO_RMD160) $algorithm = 'RMD160'; |
174 | if ($algorithm == OPENSSL_ALGO_RMD160) $algorithm = 'RMD160'; |
| 145 | if ($algorithm == OPENSSL_ALGO_MD5) $algorithm = 'MD5'; |
175 | if ($algorithm == OPENSSL_ALGO_MD5) $algorithm = 'MD5'; |
| 146 | if ($algorithm == OPENSSL_ALGO_MD4) $algorithm = 'MD4'; |
176 | if ($algorithm == OPENSSL_ALGO_MD4) $algorithm = 'MD4'; |
| 147 | if (is_string($private)) $private = openssl_pkey_get_private($private); |
177 | if (is_string($private)) $private = openssl_pkey_get_private($private); |
| - | 178 | if (!is_object($private) || !method_exists($private,'sign')) |
|
| - | 179 | throw new Exception("Invalid input datatype"); |
|
| 148 | $signature = $private->withHash($algorithm)->sign($msg); |
180 | $signature = $private->withHash($algorithm)->sign($msg); |
| 149 | return true; |
181 | return true; |
| 150 | } catch (Exception $e) { |
182 | } catch (Exception $e) { |
| 151 | global $openssl_supplement_last_error; |
183 | global $openssl_supplement_last_error; |
| 152 | $openssl_supplement_last_error = $e->getMessage(); |
184 | $openssl_supplement_last_error = $e->getMessage(); |
| Line 240... | Line 272... | ||
| 240 | if (!file_exists($file = substr($key, 7))) throw new Exception("file not found"); |
272 | if (!file_exists($file = substr($key, 7))) throw new Exception("file not found"); |
| 241 | $key = file_get_contents($file); |
273 | $key = file_get_contents($file); |
| 242 | } |
274 | } |
| 243 | if (is_null($passphrase)) $passphrase = false; |
275 | if (is_null($passphrase)) $passphrase = false; |
| 244 | $privKey = \phpseclib3\Crypt\RSA::load($key, $passphrase); |
276 | $privKey = \phpseclib3\Crypt\RSA::load($key, $passphrase); |
| 245 | return $privKey->withPadding(\phpseclib3\Crypt\RSA::ENCRYPTION_PKCS1 | \phpseclib3\Crypt\RSA::SIGNATURE_PKCS1); /** @phpstan-ignore-line */ // Call to an undefined method phpseclib3\Crypt\Common\AsymmetricKey::withPadding(). |
277 | return $privKey->withPassword(false)->withPadding(\phpseclib3\Crypt\RSA::ENCRYPTION_PKCS1 | \phpseclib3\Crypt\RSA::SIGNATURE_PKCS1); /** @phpstan-ignore-line */ // Call to an undefined method phpseclib3\Crypt\Common\AsymmetricKey::withPadding(). |
| 246 | } catch (Exception $e) { |
278 | } catch (Exception $e) { |
| 247 | global $openssl_supplement_last_error; |
279 | global $openssl_supplement_last_error; |
| 248 | $openssl_supplement_last_error = $e->getMessage(); |
280 | $openssl_supplement_last_error = $e->getMessage(); |
| 249 | return false; |
281 | return false; |
| 250 | } |
282 | } |