[securemail] Update Composer dependencies

- Update phpseclib/phpseclib to version 2.0.4
- Update singpolyma/openpgp-php to version 0.3.0

securemail/vendor/singpolyma/openpgp-php/.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+.tmp
+pkg
+tmp

securemail/vendor/singpolyma/openpgp-php/.travis.yml

@@ -0,0 +1,18 @@
+language: php
+php:
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - 7.0
+  - hhvm
+#  - nightly
+
+env:
+  - PHPSECLIB="2.0.0"
+  - PHPSECLIB="2.0.1"
+  - PHPSECLIB="2.0.2"
+  - PHPSECLIB="2.0.3"
+  - PHPSECLIB="2.0.4"
+
+before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev'

securemail/vendor/singpolyma/openpgp-php/README

@@ -0,0 +1 @@
+README.md

securemail/vendor/singpolyma/openpgp-php/README.md

@@ -30,7 +30,8 @@ Users
 
 OpenPGP.php is currently being used in the following projects:
 
-* <http://drupal.org/project/openpgp>
+* <https://drupal.org/project/openpgp>
+* <https://wordpress.org/plugins/wp-pgp-encrypted-emails/>
 
 Download
 --------

securemail/vendor/singpolyma/openpgp-php/VERSION

@@ -1 +1 @@
-0.0.1
+0.3.0

securemail/vendor/singpolyma/openpgp-php/composer.json

@@ -0,0 +1,24 @@
+{
+  "name": "singpolyma/openpgp-php",
+  "description": "Pure-PHP implementation of the OpenPGP Message Format (RFC 4880)",
+  "license": "Unlicense",
+  "authors": [
+    {
+      "name": "Arto Bendiken",
+      "email": "arto.bendiken@gmail.com"
+    },
+    {
+      "name": "Stephen Paul Weber",
+      "email": "singpolyma@singpolyma.net"
+    }
+  ],
+  "require": {
+    "phpseclib/phpseclib": ">=2.0.0 <=2.0.4"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "~4.0"
+  },
+  "autoload": {
+    "classmap": ["lib/"]
+  }
+}

securemail/vendor/singpolyma/openpgp-php/examples/clearsign.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+
+/* Parse secret key from STDIN, the key must not be password protected */
+$wkey = OpenPGP_Message::parse(file_get_contents('php://stdin'));
+$wkey = $wkey[0];
+
+$string = "This\nis\na\ntest.";
+
+/* Create a new literal data packet */
+$data = new OpenPGP_LiteralDataPacket($string, array('format' => 'u', 'filename' => 'stuff.txt'));
+$data->normalize(true); // Clearsign-style normalization of the LiteralDataPacket
+
+/* Create a signer from the key */
+$sign = new OpenPGP_Crypt_RSA($wkey);
+
+/* The message is the signed data packet */
+$m = $sign->sign($data);
+
+/* Generate clearsigned data */
+$packets = $m->signatures()[0];
+echo "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n";
+// Output normalised data.  You could convert line endings here
+// without breaking the signature, but do not add any
+// trailing whitespace to lines.
+echo preg_replace("/^-/", "- -",  $packets[0]->data)."\n";
+echo OpenPGP::enarmor($packets[1][0]->to_bytes(), "PGP SIGNATURE");
+
+?>

securemail/vendor/singpolyma/openpgp-php/examples/deASCIIdeCrypt.php

@@ -0,0 +1,27 @@
+<?php
+
+// USAGE: php examples/deASCIIdeCrypt.php secretkey.asc password message.asc
+// This will fail if the algo on key or message is not 3DES or AES
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php';
+
+$keyASCII = file_get_contents($argv[1]);
+$msgASCII = file_get_contents($argv[3]);
+
+$keyEncrypted = OpenPGP_Message::parse(OpenPGP::unarmor($keyASCII, 'PGP PRIVATE KEY BLOCK'));
+
+// Try each secret key packet
+foreach($keyEncrypted as $p) {
+	if(!($p instanceof OpenPGP_SecretKeyPacket)) continue;
+
+	$key = OpenPGP_Crypt_Symmetric::decryptSecretKey($argv[2], $p);
+
+	$msg = OpenPGP_Message::parse(OpenPGP::unarmor($msgASCII, 'PGP MESSAGE'));
+
+	$decryptor = new OpenPGP_Crypt_RSA($key);
+	$decrypted = $decryptor->decrypt($msg);
+
+	var_dump($decrypted);
+}

securemail/vendor/singpolyma/openpgp-php/examples/encryptDecrypt.php

@@ -0,0 +1,15 @@
+<?php
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php';
+
+$key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/../tests/data/helloKey.gpg'));
+$data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt'));
+$encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data)));
+
+// Now decrypt it with the same key
+$decryptor = new OpenPGP_Crypt_RSA($key);
+$decrypted = $decryptor->decrypt($encrypted);
+
+var_dump($decrypted);

securemail/vendor/singpolyma/openpgp-php/examples/keygen.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+
+$rsa = new \phpseclib\Crypt\RSA();
+$k = $rsa->createKey(512);
+$rsa->loadKey($k['privatekey']);
+
+$nkey = new OpenPGP_SecretKeyPacket(array(
+   'n' => $rsa->modulus->toBytes(),
+   'e' => $rsa->publicExponent->toBytes(),
+   'd' => $rsa->exponent->toBytes(),
+   'p' => $rsa->primes[2]->toBytes(),
+   'q' => $rsa->primes[1]->toBytes(),
+   'u' => $rsa->coefficients[2]->toBytes()
+));
+
+$uid = new OpenPGP_UserIDPacket('Test <test@example.com>');
+
+$wkey = new OpenPGP_Crypt_RSA($nkey);
+$m = $wkey->sign_key_userid(array($nkey, $uid));
+
+// Serialize private key
+print $m->to_bytes();
+
+// Serialize public key message
+$pubm = clone($m);
+$pubm[0] = new OpenPGP_PublicKeyPacket($pubm[0]);
+
+$public_bytes = $pubm->to_bytes();

securemail/vendor/singpolyma/openpgp-php/examples/sign.php

@@ -0,0 +1,22 @@
+<?php
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+
+/* Parse secret key from STDIN, the key must not be password protected */
+$wkey = OpenPGP_Message::parse(file_get_contents('php://stdin'));
+$wkey = $wkey[0];
+
+/* Create a new literal data packet */
+$data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt'));
+
+/* Create a signer from the key */
+$sign = new OpenPGP_Crypt_RSA($wkey);
+
+/* The message is the signed data packet */
+$m = $sign->sign($data);
+
+/* Output the raw message bytes to STDOUT */
+echo $m->to_bytes();
+
+?>

securemail/vendor/singpolyma/openpgp-php/examples/verify.php

@@ -0,0 +1,18 @@
+<?php
+
+require_once dirname(__FILE__).'/../lib/openpgp.php';
+require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
+
+/* Parse public key from STDIN */
+$wkey = OpenPGP_Message::parse(file_get_contents('php://stdin'));
+
+/* Parse signed message from file named "t" */
+$m = OpenPGP_Message::parse(file_get_contents('t'));
+
+/* Create a verifier for the key */
+$verify = new OpenPGP_Crypt_RSA($wkey);
+
+/* Dump verification information to STDOUT */
+var_dump($verify->verify($m));
+
+?>

securemail/vendor/singpolyma/openpgp-php/lib/openpgp.php

@@ -5,7 +5,7 @@
  * (RFC 4880).
  *
  * @package OpenPGP
- * @version 0.0.1
+ * @version 0.3.0
  * @author  Arto Bendiken <arto.bendiken@gmail.com>
  * @author  Stephen Paul Weber <singpolyma@singpolyma.net>
  * @see     http://github.com/bendiken/openpgp-php
@@ -1327,15 +1327,32 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
 
   function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) {
     parent::__construct();
-    $this->key = $key;
-    if(is_string($this->algorithm = $algorithm)) {
-      $this->algorithm = array_search($this->algorithm, self::$algorithms);
-    }
-    $this->timestamp = $timestamp ? $timestamp : time();
-    $this->version = $version;
 
-    if(count($this->key) > 0) {
-      $this->key_id = substr($this->fingerprint(), -8);
+    if($key instanceof OpenPGP_PublicKeyPacket) {
+      $this->algorithm = $key->algorithm;
+      $this->key = array();
+
+      // Restrict to only the fields we need
+      foreach (self::$key_fields[$this->algorithm] as $field) {
+        $this->key[$field] = $key->key[$field];
+      }
+
+      $this->key_id = $key->key_id;
+      $this->fingerprint = $key->fingerprint;
+      $this->timestamp = $key->timestamp;
+      $this->version = $key->version;
+      $this->v3_days_of_validity = $key->v3_days_of_validity;
+    } else {
+      $this->key = $key;
+      if(is_string($this->algorithm = $algorithm)) {
+        $this->algorithm = array_search($this->algorithm, self::$algorithms);
+      }
+      $this->timestamp = $timestamp ? $timestamp : time();
+      $this->version = $version;
+
+      if(count($this->key) > 0) {
+        $this->key_id = substr($this->fingerprint(), -8);
+      }
     }
   }
 
@@ -1685,10 +1702,19 @@ class OpenPGP_LiteralDataPacket extends OpenPGP_Packet {
     $this->timestamp = isset($opt['timestamp']) ? $opt['timestamp'] : time();
   }
 
-  function normalize() {
+  function normalize($clearsign=false) {
+    if($clearsign && ($this->format != 'u' && $this->format != 't')) {
+      $this->format = 'u'; // Clearsign must be text
+    }
+
     if($this->format == 'u' || $this->format == 't') { // Normalize line endings
       $this->data = str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", $this->data)));
     }
+
+    if($clearsign) {
+      // When clearsigning, do not sign over trailing whitespace
+      $this->data = preg_replace('/\s+\r/', "\r", $this->data);
+    }
   }
 
   function read() {

securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_rsa.php

@@ -7,7 +7,11 @@
  */
 
 // From http://phpseclib.sourceforge.net/
-require_once 'Crypt/RSA.php';
+use phpseclib\Crypt\RSA as Crypt_RSA;
+use phpseclib\Math\BigInteger as Math_BigInteger;
+
+define('CRYPT_RSA_ENCRYPTION_PKCS1', Crypt_RSA::ENCRYPTION_PKCS1);
+define('CRYPT_RSA_SIGNATURE_PKCS1', Crypt_RSA::SIGNATURE_PKCS1);
 
 require_once dirname(__FILE__).'/openpgp.php';
 @include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */
@@ -150,7 +154,7 @@ class OpenPGP_Crypt_RSA {
     if(!$sig) {
       $sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash)); 
       $sig->signature_type = 0x13;
-      $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01, 0x02));
+      $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01 | 0x02));
       $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
       $packet[] = $sig;
     }
@@ -241,8 +245,18 @@ class OpenPGP_Crypt_RSA {
     $rsa = self::crypt_rsa_key($mod, $exp);
 
     if($private) {
-      if($packet->key['p'] && $packet->key['q']) $rsa->primes = array($packet->key['p'], $packet->key['q']);
-      if($packet->key['u']) $rsa->coefficients = array($packet->key['u']);
+        /**
+         * @see https://github.com/phpseclib/phpseclib/issues/1113
+         * Primes and coefficients now use BigIntegers.
+         **/
+        //set the primes
+        if($packet->key['p'] && $packet->key['q'])
+            $rsa->primes = array(
+                1 => new Math_BigInteger($packet->key['p'], 256),
+                2 => new Math_BigInteger($packet->key['q'], 256)
+            );
+        // set the coefficients
+        if($packet->key['u']) $rsa->coefficients = array(2 => new Math_BigInteger($packet->key['u'], 256));
     }
 
     return $rsa;

securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_symmetric.php

@@ -1,20 +1,24 @@
 <?php
 
+use phpseclib\Crypt\TripleDES as Crypt_TripleDES;
+use phpseclib\Crypt\AES as Crypt_AES;
+use phpseclib\Crypt\Random;
+
+define('CRYPT_DES_MODE_CFB', Crypt_TripleDES::MODE_CFB);
+define('CRYPT_AES_MODE_CFB', Crypt_AES::MODE_CFB);
+
 require_once dirname(__FILE__).'/openpgp.php';
 @include_once dirname(__FILE__).'/openpgp_crypt_rsa.php';
 @include_once dirname(__FILE__).'/openpgp_mcrypt_wrapper.php';
-@include_once 'Crypt/AES.php';
-@include_once 'Crypt/TripleDES.php';
-require_once 'Crypt/Random.php'; // part of phpseclib is absolutely required
 
 class OpenPGP_Crypt_Symmetric {
   public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) {
     list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm);
     if(!$cipher) throw new Exception("Unsupported cipher");
-    $prefix = crypt_random_string($key_block_bytes);
+    $prefix = Random::string($key_block_bytes);
     $prefix .= substr($prefix, -2);
 
-    $key = crypt_random_string($key_bytes);
+    $key = Random::string($key_bytes);
     $cipher->setKey($key);
 
     $to_encrypt = $prefix . $message->to_bytes();
@@ -36,7 +40,7 @@ class OpenPGP_Crypt_Symmetric {
         $esk = pack('n', OpenPGP::bitlength($esk)) . $esk;
         array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk));
       } else if(is_string($pass)) {
-        $s2k = new OpenPGP_S2K(crypt_random_string(10));
+        $s2k = new OpenPGP_S2K(Random::string(10));
         $cipher->setKey($s2k->make_key($pass, $key_bytes));
         $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key);
         array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm));
@@ -143,38 +147,32 @@ class OpenPGP_Crypt_Symmetric {
     $cipher = NULL;
     switch($algo) {
       case 2:
-        if(class_exists('Crypt_TripleDES')) {
           $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
           $key_bytes = 24;
           $key_block_bytes = 8;
-        }
         break;
       case 3:
         if(defined('MCRYPT_CAST_128')) {
           $cipher = new MCryptWrapper(MCRYPT_CAST_128);
+        } else {
+          throw new Exception("Unsupported cipher: you must have mcrypt installed to use CAST5");
         }
         break;
       case 7:
-        if(class_exists('Crypt_AES')) {
           $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
           $cipher->setKeyLength(128);
-        }
         break;
       case 8:
-        if(class_exists('Crypt_AES')) {
           $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
           $cipher->setKeyLength(192);
-        }
         break;
       case 9:
-        if(class_exists('Crypt_AES')) {
           $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
           $cipher->setKeyLength(256);
-        }
         break;
     }
     if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
-    if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
+    if(!isset($key_bytes)) $key_bytes = isset($cipher->key_size)?$cipher->key_size:$cipher->key_length;
     if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
     return array($cipher, $key_bytes, $key_block_bytes);
   }

securemail/vendor/singpolyma/openpgp-php/phpunit.xml

@@ -0,0 +1,27 @@
+<phpunit bootstrap="tests/bootstrap.php">
+  <testsuites>
+    <testsuite name="Serialization">
+      <file>tests/suite.php</file>
+    </testsuite>
+
+    <testsuite name="Fingerprint">
+      <file>tests/suite.php</file>
+    </testsuite>
+
+    <testsuite name="MessageVerification">
+      <file>tests/phpseclib_suite.php</file>
+    </testsuite>
+
+    <testsuite name="KeyVerification">
+      <file>tests/phpseclib_suite.php</file>
+    </testsuite>
+
+    <testsuite name="Decryption">
+      <file>tests/phpseclib_suite.php</file>
+    </testsuite>
+
+    <testsuite name="Encryption">
+      <file>tests/phpseclib_suite.php</file>
+    </testsuite>
+  </testsuites>
+</phpunit>

securemail/vendor/singpolyma/openpgp-php/tests/bootstrap.php

@@ -0,0 +1,2 @@
+<?php
+@include_once dirname(__FILE__) . '/../vendor/autoload.php';

securemail/vendor/singpolyma/openpgp-php/tests/data/000002-013.user_id

@@ -0,0 +1 @@
+´$Test Key (RSA) <testkey@example.org>

securemail/vendor/singpolyma/openpgp-php/tests/data/000019-013.user_id

@@ -0,0 +1 @@
+´$Test Key (DSA) <testkey@example.com>

securemail/vendor/singpolyma/openpgp-php/tests/data/000030-013.user_id

@@ -0,0 +1 @@
+´+Test Key (DSA sign-only) <test@example.net>

securemail/vendor/singpolyma/openpgp-php/tests/data/000036-013.user_id

@@ -0,0 +1 @@
+´.Test Key (RSA sign-only) <testkey@example.net>

securemail/vendor/singpolyma/openpgp-php/tests/data/000048-013.user_id

@@ -0,0 +1 @@
+´$Test Key (RSA) <testkey@example.org>

securemail/vendor/singpolyma/openpgp-php/tests/data/000057-013.user_id

@@ -0,0 +1 @@
+´$Test Key (DSA) <testkey@example.com>

securemail/vendor/singpolyma/openpgp-php/tests/data/000066-013.user_id

@@ -0,0 +1 @@
+´+Test Key (DSA sign-only) <test@example.net>

securemail/vendor/singpolyma/openpgp-php/tests/data/000070-013.user_id

@@ -0,0 +1 @@
+´.Test Key (RSA sign-only) <testkey@example.net>