robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
2 Branches
Tree: 0d952b0746
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0d952b0746'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.2.2/plugins/enigma/lib/enigma_driver_gnupg.php

enigma_driver_gnupg.php 13KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478 
  1. <?php

  2. 

  3. /**

  4.  +-------------------------------------------------------------------------+

  5.  | GnuPG (PGP) driver for the Enigma Plugin                                |

  6.  |                                                                         |

  7.  | Copyright (C) 2010-2015 The Roundcube Dev Team                          |

  8.  |                                                                         |

  9.  | Licensed under the GNU General Public License version 3 or              |

  10.  | any later version with exceptions for skins & plugins.                  |

  11.  | See the README file for a full license statement.                       |

  12.  |                                                                         |

  13.  +-------------------------------------------------------------------------+

  14.  | Author: Aleksander Machniak <alec@alec.pl>                              |

  15.  +-------------------------------------------------------------------------+

  16. */

  17. 

  18. require_once 'Crypt/GPG.php';

  19. 

  20. class enigma_driver_gnupg extends enigma_driver

  21. {

  22.     protected $rc;

  23.     protected $gpg;

  24.     protected $homedir;

  25.     protected $user;

  26. 

  27. 

  28.     function __construct($user)

  29.     {

  30.         $this->rc   = rcmail::get_instance();

  31.         $this->user = $user;

  32.     }

  33. 

  34.     /**

  35.      * Driver initialization and environment checking.

  36.      * Should only return critical errors.

  37.      *

  38.      * @return mixed NULL on success, enigma_error on failure

  39.      */

  40.     function init()

  41.     {

  42.         $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');

  43.         $debug   = $this->rc->config->get('enigma_debug');

  44.         $binary  = $this->rc->config->get('enigma_pgp_binary');

  45.         $agent   = $this->rc->config->get('enigma_pgp_agent');

  46. 

  47.         if (!$homedir) {

  48.             return new enigma_error(enigma_error::INTERNAL,

  49.                 "Option 'enigma_pgp_homedir' not specified");

  50.         }

  51. 

  52.         // check if homedir exists (create it if not) and is readable

  53.         if (!file_exists($homedir)) {

  54.             return new enigma_error(enigma_error::INTERNAL,

  55.                 "Keys directory doesn't exists: $homedir");

  56.         }

  57.         if (!is_writable($homedir)) {

  58.             return new enigma_error(enigma_error::INTERNAL,

  59.                 "Keys directory isn't writeable: $homedir");

  60.         }

  61. 

  62.         $homedir = $homedir . '/' . $this->user;

  63. 

  64.         // check if user's homedir exists (create it if not) and is readable

  65.         if (!file_exists($homedir)) {

  66.             mkdir($homedir, 0700);

  67.         }

  68. 

  69.         if (!file_exists($homedir)) {

  70.             return new enigma_error(enigma_error::INTERNAL,

  71.                 "Unable to create keys directory: $homedir");

  72.         }

  73.         if (!is_writable($homedir)) {

  74.             return new enigma_error(enigma_error::INTERNAL,

  75.                 "Unable to write to keys directory: $homedir");

  76.         }

  77. 

  78.         $this->homedir = $homedir;

  79. 

  80.         $options = array('homedir' => $this->homedir);

  81. 

  82.         if ($debug) {

  83.             $options['debug'] = array($this, 'debug');

  84.         }

  85.         if ($binary) {

  86.             $options['binary'] = $binary;

  87.         }

  88.         if ($agent) {

  89.             $options['agent'] = $agent;

  90.         }

  91. 

  92.         // Create Crypt_GPG object

  93.         try {

  94.             $this->gpg = new Crypt_GPG($options);

  95.         }

  96.         catch (Exception $e) {

  97.             return $this->get_error_from_exception($e);

  98.         }

  99.     }

  100. 

  101.     /**

  102.      * Encryption.

  103.      *

  104.      * @param string Message body

  105.      * @param array  List of key-password mapping

  106.      *

  107.      * @return mixed Encrypted message or enigma_error on failure

  108.      */

  109.     function encrypt($text, $keys)

  110.     {

  111.         try {

  112.             foreach ($keys as $key) {

  113.                 $this->gpg->addEncryptKey($key);

  114.             }

  115. 

  116.             return $this->gpg->encrypt($text, true);

  117.         }

  118.         catch (Exception $e) {

  119.             return $this->get_error_from_exception($e);

  120.         }

  121.     }

  122. 

  123.     /**

  124.      * Decrypt a message

  125.      *

  126.      * @param string Encrypted message

  127.      * @param array  List of key-password mapping

  128.      *

  129.      * @return mixed Decrypted message or enigma_error on failure

  130.      */

  131.     function decrypt($text, $keys = array())

  132.     {

  133.         try {

  134.             foreach ($keys as $key => $password) {

  135.                 $this->gpg->addDecryptKey($key, $password);

  136.             }

  137. 

  138.             return $this->gpg->decrypt($text);

  139.         }

  140.         catch (Exception $e) {

  141.             return $this->get_error_from_exception($e);

  142.         }

  143.     }

  144. 

  145.     /**

  146.      * Signing.

  147.      *

  148.      * @param string Message body

  149.      * @param string Key ID

  150.      * @param string Key password

  151.      * @param int    Signing mode (enigma_engine::SIGN_*)

  152.      *

  153.      * @return mixed True on success or enigma_error on failure

  154.      */

  155.     function sign($text, $key, $passwd, $mode = null)

  156.     {

  157.         try {

  158.             $this->gpg->addSignKey($key, $passwd);

  159.             return $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true);

  160.         }

  161.         catch (Exception $e) {

  162.             return $this->get_error_from_exception($e);

  163.         }

  164.     }

  165. 

  166.     /**

  167.      * Signature verification.

  168.      *

  169.      * @param string Message body

  170.      * @param string Signature, if message is of type PGP/MIME and body doesn't contain it

  171.      *

  172.      * @return mixed Signature information (enigma_signature) or enigma_error

  173.      */

  174.     function verify($text, $signature)

  175.     {

  176.         try {

  177.             $verified = $this->gpg->verify($text, $signature);

  178.             return $this->parse_signature($verified[0]);

  179.         }

  180.         catch (Exception $e) {

  181.             return $this->get_error_from_exception($e);

  182.         }

  183.     }

  184. 

  185.     /**

  186.      * Key file import.

  187.      *

  188.      * @param string  File name or file content

  189.      * @param bollean True if first argument is a filename

  190.      *

  191.      * @return mixed Import status array or enigma_error

  192.      */

  193.     public function import($content, $isfile=false)

  194.     {

  195.         try {

  196.             if ($isfile)

  197.                 return $this->gpg->importKeyFile($content);

  198.             else

  199.                 return $this->gpg->importKey($content);

  200.         }

  201.         catch (Exception $e) {

  202.             return $this->get_error_from_exception($e);

  203.         }

  204.     }

  205. 

  206.     /**

  207.      * Key export.

  208.      *

  209.      * @param string Key ID

  210.      * @param bool   Include private key

  211.      *

  212.      * @return mixed Key content or enigma_error

  213.      */

  214.     public function export($keyid, $with_private = false)

  215.     {

  216.         try {

  217.             $key = $this->gpg->exportPublicKey($keyid, true);

  218. 

  219.             if ($with_private) {

  220.                 $priv = $this->gpg->exportPrivateKey($keyid, true);

  221.                 $key .= $priv;

  222.             }

  223. 

  224.             return $key;

  225.         }

  226.         catch (Exception $e) {

  227.             return $this->get_error_from_exception($e);

  228.         }

  229.     }

  230. 

  231.     /**

  232.      * Keys listing.

  233.      *

  234.      * @param string Optional pattern for key ID, user ID or fingerprint

  235.      *

  236.      * @return mixed Array of enigma_key objects or enigma_error

  237.      */

  238.     public function list_keys($pattern='')

  239.     {

  240.         try {

  241.             $keys = $this->gpg->getKeys($pattern);

  242.             $result = array();

  243. 

  244.             foreach ($keys as $idx => $key) {

  245.                 $result[] = $this->parse_key($key);

  246.                 unset($keys[$idx]);

  247.             }

  248. 

  249.             return $result;

  250.         }

  251.         catch (Exception $e) {

  252.             return $this->get_error_from_exception($e);

  253.         }

  254.     }

  255. 

  256.     /**

  257.      * Single key information.

  258.      *

  259.      * @param string Key ID, user ID or fingerprint

  260.      *

  261.      * @return mixed Key (enigma_key) object or enigma_error

  262.      */

  263.     public function get_key($keyid)

  264.     {

  265.         $list = $this->list_keys($keyid);

  266. 

  267.         if (is_array($list)) {

  268.             return $list[key($list)];

  269.         }

  270. 

  271.         // error

  272.         return $list;

  273.     }

  274. 

  275.     /**

  276.      * Key pair generation.

  277.      *

  278.      * @param array Key/User data (user, email, password, size)

  279.      *

  280.      * @return mixed Key (enigma_key) object or enigma_error

  281.      */

  282.     public function gen_key($data)

  283.     {

  284.         try {

  285.             $debug  = $this->rc->config->get('enigma_debug');

  286.             $keygen = new Crypt_GPG_KeyGenerator(array(

  287.                     'homedir' => $this->homedir,

  288.                     // 'binary'  => '/usr/bin/gpg2',

  289.                     'debug'   => $debug ? array($this, 'debug') : false,

  290.             ));

  291. 

  292.             $key = $keygen

  293.                 ->setExpirationDate(0)

  294.                 ->setPassphrase($data['password'])

  295.                 ->generateKey($data['user'], $data['email']);

  296. 

  297.             return $this->parse_key($key);

  298.         }

  299.         catch (Exception $e) {

  300.             return $this->get_error_from_exception($e);

  301.         }

  302.     }

  303. 

  304.     /**

  305.      * Key deletion.

  306.      *

  307.      * @param string Key ID

  308.      *

  309.      * @return mixed True on success or enigma_error

  310.      */

  311.     public function delete_key($keyid)

  312.     {

  313.         // delete public key

  314.         $result = $this->delete_pubkey($keyid);

  315. 

  316.         // error handling

  317.         if ($result !== true) {

  318.             $code = $result->getCode();

  319. 

  320.             // if not found, delete private key

  321.             if ($code == enigma_error::KEYNOTFOUND) {

  322.                 $result = $this->delete_privkey($keyid);

  323.             }

  324.             // need to delete private key first

  325.             else if ($code == enigma_error::DELKEY) {

  326.                 $key = $this->get_key($keyid);

  327.                 for ($i = count($key->subkeys) - 1; $i >= 0; $i--) {

  328.                     $type = ($key->subkeys[$i]->usage & enigma_key::CAN_ENCRYPT) ? 'priv' : 'pub';

  329.                     $result = $this->{'delete_' . $type . 'key'}($key->subkeys[$i]->id);

  330.                     if ($result !== true) {

  331.                         return $result;

  332.                     }

  333.                 }

  334.             }

  335.         }

  336. 

  337.         return $result;

  338.     }

  339. 

  340.     /**

  341.      * Private key deletion.

  342.      */

  343.     protected function delete_privkey($keyid)

  344.     {

  345.         try {

  346.             $this->gpg->deletePrivateKey($keyid);

  347.             return true;

  348.         }

  349.         catch (Exception $e) {

  350.             return $this->get_error_from_exception($e);

  351.         }

  352.     }

  353. 

  354.     /**

  355.      * Public key deletion.

  356.      */

  357.     protected function delete_pubkey($keyid)

  358.     {

  359.         try {

  360.             $this->gpg->deletePublicKey($keyid);

  361.             return true;

  362.         }

  363.         catch (Exception $e) {

  364.             return $this->get_error_from_exception($e);

  365.         }

  366.     }

  367. 

  368.     /**

  369.      * Converts Crypt_GPG exception into Enigma's error object

  370.      *

  371.      * @param mixed Exception object

  372.      *

  373.      * @return enigma_error Error object

  374.      */

  375.     protected function get_error_from_exception($e)

  376.     {

  377.         $data = array();

  378. 

  379.         if ($e instanceof Crypt_GPG_KeyNotFoundException) {

  380.             $error = enigma_error::KEYNOTFOUND;

  381.             $data['id'] = $e->getKeyId();

  382.         }

  383.         else if ($e instanceof Crypt_GPG_BadPassphraseException) {

  384.             $error = enigma_error::BADPASS;

  385.             $data['bad']     = $e->getBadPassphrases();

  386.             $data['missing'] = $e->getMissingPassphrases();

  387.         }

  388.         else if ($e instanceof Crypt_GPG_NoDataException) {

  389.             $error = enigma_error::NODATA;

  390.         }

  391.         else if ($e instanceof Crypt_GPG_DeletePrivateKeyException) {

  392.             $error = enigma_error::DELKEY;

  393.         }

  394.         else {

  395.             $error = enigma_error::INTERNAL;

  396.         }

  397. 

  398.         $msg = $e->getMessage();

  399. 

  400.         return new enigma_error($error, $msg, $data);

  401.     }

  402. 

  403.     /**

  404.      * Converts Crypt_GPG_Signature object into Enigma's signature object

  405.      *

  406.      * @param Crypt_GPG_Signature Signature object

  407.      *

  408.      * @return enigma_signature Signature object

  409.      */

  410.     protected function parse_signature($sig)

  411.     {

  412.         $user = $sig->getUserId();

  413. 

  414.         $data = new enigma_signature();

  415.         $data->id          = $sig->getId();

  416.         $data->valid       = $sig->isValid();

  417.         $data->fingerprint = $sig->getKeyFingerprint();

  418.         $data->created     = $sig->getCreationDate();

  419.         $data->expires     = $sig->getExpirationDate();

  420.         $data->name        = $user->getName();

  421.         $data->comment     = $user->getComment();

  422.         $data->email       = $user->getEmail();

  423. 

  424.         return $data;

  425.     }

  426. 

  427.     /**

  428.      * Converts Crypt_GPG_Key object into Enigma's key object

  429.      *

  430.      * @param Crypt_GPG_Key Key object

  431.      *

  432.      * @return enigma_key Key object

  433.      */

  434.     protected function parse_key($key)

  435.     {

  436.         $ekey = new enigma_key();

  437. 

  438.         foreach ($key->getUserIds() as $idx => $user) {

  439.             $id = new enigma_userid();

  440.             $id->name    = $user->getName();

  441.             $id->comment = $user->getComment();

  442.             $id->email   = $user->getEmail();

  443.             $id->valid   = $user->isValid();

  444.             $id->revoked = $user->isRevoked();

  445. 

  446.             $ekey->users[$idx] = $id;

  447.         }

  448. 

  449.         $ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>');

  450. 

  451.         foreach ($key->getSubKeys() as $idx => $subkey) {

  452.             $skey = new enigma_subkey();

  453.             $skey->id          = $subkey->getId();

  454.             $skey->revoked     = $subkey->isRevoked();

  455.             $skey->created     = $subkey->getCreationDate();

  456.             $skey->expires     = $subkey->getExpirationDate();

  457.             $skey->fingerprint = $subkey->getFingerprint();

  458.             $skey->has_private = $subkey->hasPrivate();

  459.             $skey->algorithm   = $subkey->getAlgorithm();

  460.             $skey->length      = $subkey->getLength();

  461.             $skey->usage       = $subkey->usage();

  462. 

  463.             $ekey->subkeys[$idx] = $skey;

  464.         };

  465. 

  466.         $ekey->id = $ekey->subkeys[0]->id;

  467. 

  468.         return $ekey;

  469.     }

  470. 

  471.     /**

  472.      * Write debug info from Crypt_GPG to logs/enigma

  473.      */

  474.     public function debug($line)

  475.     {

  476.         rcube::write_log('enigma', 'GPG: ' . $line);

  477.     }

  478. }