friendica/friendica-addons
1
0
Fork 0
mirror of https://git.friendi.ca/friendica/friendica-addons.git synced 2025-07-08 01:18:48 +00:00
Code Issues Releases Wiki Activity

[securemail] Upgrade singpolyma/openpgp to version 0.6.0

Browse source 
- Add missing use statement in SecureTestEmail
- Address https://github.com/friendica/friendica/issues/12011#issuecomment-1321196332
- phpseclib version 3 dependency is implied from the core so it is removed from the addon
This commit is contained in:
Hypolite Petovan 2022-11-23 12:25:10 -05:00
parent 30329df0dd
commit c18e0dc66a
60 changed files with 660 additions and 36426 deletions
Download patch file Download diff file Expand all files Collapse all files

84
securemail/vendor/singpolyma/openpgp-php/lib/openpgp.php vendored
View file

@ -5,7 +5,7 @@
* (RFC 4880).
*
* @package OpenPGP
* @version 0.5.0
* @version 0.6.0
* @author Arto Bendiken <arto.bendiken@gmail.com>
* @author Stephen Paul Weber <singpolyma@singpolyma.net>
* @see http://github.com/bendiken/openpgp-php
@ -18,7 +18,7 @@
* @see http://tools.ietf.org/html/rfc4880
*/
class OpenPGP {
const VERSION = array(0, 5, 0);
const VERSION = array(0, 6, 0);
/**
* @see http://tools.ietf.org/html/rfc4880#section-6
@ -51,7 +51,8 @@ class OpenPGP {
$pos2 = strpos($text, "-----END");
if ($pos2 === FALSE) return NULL;
}
return base64_decode($text = substr($text, $pos1, $pos2 - $pos1));
$text = substr($text, $pos1, $pos2 - $pos1);
return base64_decode($text, true);
}
}
@ -336,7 +337,7 @@ class OpenPGP_Message implements IteratorAggregate, ArrayAccess {
/**
* Function to extract verified signatures
* $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet
* $verifiers is an array of callbacks formatted like array('RSA' => CALLBACK) or array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet
*/
function verified_signatures($verifiers) {
$signed = $this->signatures();
@ -347,7 +348,8 @@ class OpenPGP_Message implements IteratorAggregate, ArrayAccess {
$vsigs = array();
foreach($signatures as $sig) {
$verifier = $verifiers[$sig->key_algorithm_name()][$sig->hash_algorithm_name()];
$verifier = $verifiers[$sig->key_algorithm_name()];
if(is_array($verifier)) $verifier = $verifier[$sig->hash_algorithm_name()];
if($verifier && $this->verify_one($verifier, $sign, $sig)) {
$vsigs[] = $sig;
}
@ -378,24 +380,34 @@ class OpenPGP_Message implements IteratorAggregate, ArrayAccess {
// IteratorAggregate interface
// function getIterator(): \Traversable { // when php 5 support is dropped
#[\ReturnTypeWillChange]
function getIterator() {
return new ArrayIterator($this->packets);
}
// ArrayAccess interface
// function offsetExists($offset): bool // when php 5 support is dropped
#[\ReturnTypeWillChange]
function offsetExists($offset) {
return isset($this->packets[$offset]);
}
// function offsetGet($offset): mixed // when php 7.4 support is dropped
#[\ReturnTypeWillChange]
function offsetGet($offset) {
return $this->packets[$offset];
}
// function offsetSet($offset, $value): void // when php 5 support is dropped
#[\ReturnTypeWillChange]
function offsetSet($offset, $value) {
return is_null($offset) ? $this->packets[] = $value : $this->packets[$offset] = $value;
is_null($offset) ? $this->packets[] = $value : $this->packets[$offset] = $value;
}
// function offsetUnset($offset): void // when php 5 support is dropped
#[\ReturnTypeWillChange]
function offsetUnset($offset) {
unset($this->packets[$offset]);
}
@ -420,7 +432,7 @@ class OpenPGP_Packet {
/**
* Parses an OpenPGP packet.
*
*
* Partial body lengths based on https://github.com/toofishes/python-pgpdump/blob/master/pgpdump/packet.py
*
* @see http://tools.ietf.org/html/rfc4880#section-4.2
@ -558,7 +570,7 @@ class OpenPGP_Packet {
*/
function read_unpacked($count, $format) {
$unpacked = unpack($format, $this->read_bytes($count));
return reset($unpacked);
return is_array($unpacked) ? reset($unpacked) : NULL;
}
function read_byte() {
@ -1376,6 +1388,9 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
if(strtoupper($p->issuer()) == $keyid16) {
$sigs[] = $p;
} else {
if(!is_array($p->hashed_subpackets)) {
break;
}
foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) {
if($s instanceof OpenPGP_SignaturePacket_EmbeddedSignaturePacket && strtoupper($s->issuer()) == $keyid16) {
$sigs[] = $p;
@ -1423,7 +1438,14 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
*/
function read_key_material() {
foreach (self::$key_fields[$this->algorithm] as $field) {
$this->key[$field] = $this->read_mpi();
if (strlen($field) == 1) {
$this->key[$field] = $this->read_mpi();
} else if ($field == 'oid') {
$len = ord($this->read_byte());
$this->key[$field] = $this->read_bytes($len);
} else {
$this->key[$field] = ord($this->read_byte());
}
}
$this->key_id = substr($this->fingerprint(), -8);
}
@ -1433,8 +1455,8 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
case 3:
$material = array();
foreach (self::$key_fields[$this->algorithm] as $i) {
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
}
return $material;
case 4:
@ -1445,8 +1467,15 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
);
$material = array();
foreach (self::$key_fields[$this->algorithm] as $i) {
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
if (strlen($i) == 1) {
$material[] = pack('n', OpenPGP::bitlength($this->key[$i]));
$material[] = $this->key[$i];
} else if ($i == 'oid') {
$material[] = chr(strlen($this->key[$i]));
$material[] = $this->key[$i];
} else {
$material[] = chr($this->key[$i]);
}
}
$material = implode('', $material);
$head[1] = pack('n', 6 + strlen($material));
@ -1484,9 +1513,12 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
}
static $key_fields = array(
1 => array('n', 'e'), // RSA
16 => array('p', 'g', 'y'), // ELG-E
17 => array('p', 'q', 'g', 'y'), // DSA
1 => array('n', 'e'),
16 => array('p', 'g', 'y'),
17 => array('p', 'q', 'g', 'y'),
18 => array('oid', 'p', 'len', 'future', 'hash', 'algorithm'),
19 => array('oid', 'p'),
22 => array('oid', 'p')
);
static $algorithms = array(
@ -1497,7 +1529,8 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet {
17 => 'DSA',
18 => 'ECC',
19 => 'ECDSA',
21 => 'DH'
21 => 'DH',
22 => 'EdDSA'
);
}
@ -1547,6 +1580,9 @@ class OpenPGP_SecretKeyPacket extends OpenPGP_PublicKeyPacket {
3 => array('d', 'p', 'q', 'u'), // RSA-S
16 => array('x'), // ELG-E
17 => array('x'), // DSA
18 => array('x'), // ECDH
19 => array('x'), // ECDSA
22 => array('x'), // EdDSA
);
function key_from_input() {
@ -1655,25 +1691,33 @@ class OpenPGP_CompressedDataPacket extends OpenPGP_Packet implements IteratorAgg
}
// IteratorAggregate interface
// function getIterator(): \Traversable { // when PHP 5 support is dropped
#[\ReturnTypeWillChange]
function getIterator() {
return new ArrayIterator($this->data->packets);
}
// ArrayAccess interface
// function offsetExists($offset): bool { // when PHP 5 support is dropped
#[\ReturnTypeWillChange]
function offsetExists($offset) {
return isset($this->data[$offset]);
}
// function offsetGet($offset): mixed { // when PHP 7 support is dropped
#[\ReturnTypeWillChange]
function offsetGet($offset) {
return $this->data[$offset];
}
// function offsetSet($offset, $value): void { // when PHP 5 support is dropped
#[\ReturnTypeWillChange]
function offsetSet($offset, $value) {
return is_null($offset) ? $this->data[] = $value : $this->data[$offset] = $value;
is_null($offset) ? $this->data[] = $value : $this->data[$offset] = $value;
}
#[\ReturnTypeWillChange]
// function offsetUnset($offset): void { // PHP 5 support is dropped
function offsetUnset($offset) {
unset($this->data[$offset]);
}

81
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_rsa.php vendored
View file

@ -7,8 +7,10 @@
*/
// From http://phpseclib.sourceforge.net/
use phpseclib\Crypt\RSA as Crypt_RSA;
use phpseclib\Math\BigInteger as Math_BigInteger;
use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA as Crypt_RSA;
use phpseclib3\Crypt\RSA\PublicKey;
use phpseclib3\Math\BigInteger as Math_BigInteger;
define('CRYPT_RSA_ENCRYPTION_PKCS1', Crypt_RSA::ENCRYPTION_PKCS1);
define('CRYPT_RSA_SIGNATURE_PKCS1', Crypt_RSA::SIGNATURE_PKCS1);
@ -61,7 +63,7 @@ class OpenPGP_Crypt_RSA {
$verifier = function($m, $s) use($self) {
$key = $self->public_key($s->issuer());
if(!$key) return false;
$key->setHash(strtolower($s->hash_algorithm_name()));
$key = $key->withHash(strtolower($s->hash_algorithm_name()));
return $key->verify($m, reset($s->data));
};
} else {
@ -75,7 +77,7 @@ class OpenPGP_Crypt_RSA {
$key = $packet->public_key($s->issuer());
}
if(!$key) return false;
$key->setHash(strtolower($s->hash_algorithm_name()));
$key = $key->withHash(strtolower($s->hash_algorithm_name()));
return $key->verify($m, reset($s->data));
};
}
@ -123,7 +125,7 @@ class OpenPGP_Crypt_RSA {
if(!$keyid) $keyid = substr($key->key()->fingerprint, -16, 16);
$key = $key->private_key($keyid);
}
$key->setHash(strtolower($hash));
$key = $key->withHash(strtolower($hash));
$sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash));
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
@ -145,7 +147,7 @@ class OpenPGP_Crypt_RSA {
if(!$key || !$packet) return NULL; // Missing some data
if(!$keyid) $keyid = substr($this->key->fingerprint, -16);
$key->setHash(strtolower($hash));
$key = $key->withHash(strtolower($hash));
$sig = NULL;
foreach($packet as $p) {
@ -211,8 +213,13 @@ class OpenPGP_Crypt_RSA {
}
static function try_decrypt_session($key, $edata) {
$key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$data = @$key->decrypt($edata);
$key = $key->withPadding(CRYPT_RSA_ENCRYPTION_PKCS1 | CRYPT_RSA_SIGNATURE_PKCS1);
try {
$data = $key->decrypt($edata);
} catch (\RuntimeException $e) {
return NULL;
}
if(!$data) return NULL;
$sk = substr($data, 1, strlen($data)-3);
$chk = unpack('n', substr($data, -2));
@ -228,43 +235,53 @@ class OpenPGP_Crypt_RSA {
}
static function crypt_rsa_key($mod, $exp, $hash='SHA256') {
$rsa = new Crypt_RSA();
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash(strtolower($hash));
$rsa->modulus = new Math_BigInteger($mod, 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger($exp, 256);
$rsa->setPublicKey();
return $rsa;
return Crypt_RSA::loadPublicKey([
'e' => new Math_BigInteger($exp, 256),
'n' => new Math_BigInteger($mod, 256),
])
->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1)
->withHash(strtolower($hash));
}
static function convert_key($packet, $private=false) {
if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet);
if($packet instanceof OpenPGP_Message) $packet = $packet[0];
$mod = $packet->key['n'];
$exp = $packet->key['e'];
if($private) $exp = $packet->key['d'];
if(!$exp) return NULL; // Packet doesn't have needed data
$rsa = self::crypt_rsa_key($mod, $exp);
/**
* @see https://github.com/phpseclib/phpseclib/issues/1113
* Primes and coefficients now use BigIntegers.
**/
if($private) {
/**
* @see https://github.com/phpseclib/phpseclib/issues/1113
* Primes and coefficients now use BigIntegers.
**/
//set the primes
if($packet->key['p'] && $packet->key['q'])
$rsa->primes = array(
1 => new Math_BigInteger($packet->key['p'], 256),
2 => new Math_BigInteger($packet->key['q'], 256)
);
// set the coefficients
if($packet->key['u']) $rsa->coefficients = array(2 => new Math_BigInteger($packet->key['u'], 256));
}
// Invert p and q to make u work out as q'
$rawKey = [
'e' => new Math_BigInteger($packet->key['e'], 256),
'n' => new Math_BigInteger($packet->key['n'], 256),
'd' => new Math_BigInteger($packet->key['d'], 256),
'q' => new Math_BigInteger($packet->key['p'], 256),
'p' => new Math_BigInteger($packet->key['q'], 256),
];
if (array_key_exists('u', $packet->key)) {
// possible keys for 'u': https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/RSA/Formats/Keys/Raw.php#L108
$rawKey['inerseq'] = new Math_BigInteger($packet->key['u'], 256);
}
return $rsa;
return publickeyloader::loadPrivateKey($rawKey)
->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1)
->withHash('sha256');
} else {
return publickeyloader::loadPublicKey([
'e' => new Math_BigInteger($packet->key['e'], 256),
'n' => new Math_BigInteger($packet->key['n'], 256),
])
->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1)
->withHash('sha256');
}
}
static function convert_public_key($packet) {

46
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_crypt_symmetric.php vendored
View file

@ -1,10 +1,10 @@
<?php
use phpseclib\Crypt\AES as Crypt_AES;
use phpseclib\Crypt\Blowfish as Crypt_Blowfish;
use phpseclib\Crypt\TripleDES as Crypt_TripleDES;
use phpseclib\Crypt\Twofish as Crypt_Twofish;
use phpseclib\Crypt\Random;
use phpseclib3\Crypt\AES as Crypt_AES;
use phpseclib3\Crypt\Blowfish as Crypt_Blowfish;
use phpseclib3\Crypt\TripleDES as Crypt_TripleDES;
use phpseclib3\Crypt\Twofish as Crypt_Twofish;
use phpseclib3\Crypt\Random;
require_once dirname(__FILE__).'/openpgp.php';
@include_once dirname(__FILE__).'/openpgp_crypt_rsa.php';
@ -34,8 +34,7 @@ class OpenPGP_Crypt_Symmetric {
if($pass instanceof OpenPGP_PublicKeyPacket) {
if(!in_array($pass->algorithm, array(1,2,3))) throw new Exception("Only RSA keys are supported.");
$crypt_rsa = new OpenPGP_Crypt_RSA($pass);
$rsa = $crypt_rsa->public_key();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa = $crypt_rsa->public_key()->withPadding(CRYPT_RSA_ENCRYPTION_PKCS1 | CRYPT_RSA_SIGNATURE_PKCS1);
$esk = $rsa->encrypt(chr($symmetric_algorithm) . $key . pack('n', self::checksum($key)));
$esk = pack('n', OpenPGP::bitlength($esk)) . $esk;
array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk));
@ -171,12 +170,16 @@ class OpenPGP_Crypt_Symmetric {
public static function getCipher($algo) {
$cipher = NULL;
// https://datatracker.ietf.org/doc/html/rfc4880#section-13.9
// " 1. The feedback register (FR) is set to the IV, which is all zeros."
switch($algo) {
case NULL:
case 0:
throw new Exception("Data is already unencrypted");
case 2:
$cipher = new Crypt_TripleDES(Crypt_TripleDES::MODE_CFB);
$cipher = new Crypt_TripleDES('cfb');
$cipher->setIV(str_repeat(pack('x'), 8));
$key_bytes = 24;
$key_block_bytes = 8;
break;
@ -188,34 +191,37 @@ class OpenPGP_Crypt_Symmetric {
}
break;
case 4:
$cipher = new Crypt_Blowfish(Crypt_Blowfish::MODE_CFB);
$cipher = new Crypt_Blowfish('cfb');
$cipher->setIV(str_repeat(pack('x'), 8));
$key_bytes = 16;
$key_block_bytes = 8;
break;
case 7:
$cipher = new Crypt_AES(Crypt_AES::MODE_CFB);
$cipher = new Crypt_AES('cfb');
$cipher->setKeyLength(128);
$cipher->setIV(str_repeat(pack('x'), 16));
break;
case 8:
$cipher = new Crypt_AES(Crypt_AES::MODE_CFB);
$cipher = new Crypt_AES('cfb');
$cipher->setKeyLength(192);
$cipher->setIV(str_repeat(pack('x'), 16));
break;
case 9:
$cipher = new Crypt_AES(Crypt_AES::MODE_CFB);
$cipher = new Crypt_AES('cfb');
$cipher->setKeyLength(256);
$cipher->setIV(str_repeat(pack('x'), 16));
break;
case 10:
$cipher = new Crypt_Twofish(Crypt_Twofish::MODE_CFB);
if(method_exists($cipher, 'setKeyLength')) {
$cipher->setKeyLength(256);
} else {
$cipher = NULL;
}
$cipher = new Crypt_Twofish('cfb');
$cipher->setIV(str_repeat(pack('x'), 16));
$key_bytes = 32;
break;
}
if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
if(!isset($key_bytes)) $key_bytes = isset($cipher->key_size)?$cipher->key_size:$cipher->key_length;
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
if(!isset($key_bytes)) $key_bytes = $cipher->getKeyLength() >> 3;
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->getBlockLengthInBytes();
return array($cipher, $key_bytes, $key_block_bytes);
}

9
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_mcrypt_wrapper.php vendored
View file

@ -12,6 +12,15 @@ if(function_exists('mcrypt_encrypt') && defined('MCRYPT_MODE_CFB')) {
$this->iv = str_repeat("\0", mcrypt_get_iv_size($cipher, 'ncfb'));
}
function getBlockLengthInBytes()
{
return $this->block_size;
}
function getKeyLength() {
return $this->key_size << 3;
}
function setKey($key) {
$this->key = $key;
}

9
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_openssl_wrapper.php vendored
View file

@ -14,6 +14,15 @@ if(function_exists('openssl_encrypt')) {
$this->iv = str_repeat("\0", 8);
}
function getBlockLengthInBytes()
{
return $this->block_size;
}
function getKeyLength() {
return $this->key_size << 3;
}
function setKey($key) {
$this->key = $key;
}

24
securemail/vendor/singpolyma/openpgp-php/lib/openpgp_sodium.php vendored Normal file
View file

@ -0,0 +1,24 @@
<?php
function sodium_make_verifier($pk) {
return function($m, $s) use ($pk) {
if($pk instanceof OpenPGP_Message) {
foreach($pk as $p) {
if($p instanceof OpenPGP_PublicKeyPacket) {
if(substr($p->fingerprint, strlen($s->issuer())*-1) == $s->issuer()) {
$pk = $p;
break;
}
}
}
}
if ($pk->algorithm != 22) throw new Exception("Only EdDSA supported");
if (bin2hex($pk->key['oid']) != '2b06010401da470f01') throw new Exception("Only ed25519 supported");
return sodium_crypto_sign_verify_detached(
implode($s->data),
hash($s->hash_algorithm_name(), $m, true),
substr($pk->key['p'], 1)
);
};
}