robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 Commits
2 Branches
Tree: ad3f0fe5b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad3f0fe5b1'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/enigma/lib/enigma_driver_gnupg.php

enigma_driver_gnupg.php 16KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536 
  1. <?php

  2. 

  3. /**

  4.  +-------------------------------------------------------------------------+

  5.  | GnuPG (PGP) driver for the Enigma Plugin                                |

  6.  |                                                                         |

  7.  | Copyright (C) 2010-2015 The Roundcube Dev Team                          |

  8.  |                                                                         |

  9.  | Licensed under the GNU General Public License version 3 or              |

  10.  | any later version with exceptions for skins & plugins.                  |

  11.  | See the README file for a full license statement.                       |

  12.  |                                                                         |

  13.  +-------------------------------------------------------------------------+

  14.  | Author: Aleksander Machniak <alec@alec.pl>                              |

  15.  +-------------------------------------------------------------------------+

  16. */

  17. 

  18. require_once 'Crypt/GPG.php';

  19. 

  20. class enigma_driver_gnupg extends enigma_driver

  21. {

  22.     protected $rc;

  23.     protected $gpg;

  24.     protected $homedir;

  25.     protected $user;

  26.     protected $last_sig_algorithm;

  27. 

  28. 

  29.     function __construct($user)

  30.     {

  31.         $this->rc   = rcmail::get_instance();

  32.         $this->user = $user;

  33.     }

  34. 

  35.     /**

  36.      * Driver initialization and environment checking.

  37.      * Should only return critical errors.

  38.      *

  39.      * @return mixed NULL on success, enigma_error on failure

  40.      */

  41.     function init()

  42.     {

  43.         $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');

  44.         $debug   = $this->rc->config->get('enigma_debug');

  45.         $binary  = $this->rc->config->get('enigma_pgp_binary');

  46.         $agent   = $this->rc->config->get('enigma_pgp_agent');

  47.         $gpgconf = $this->rc->config->get('enigma_pgp_gpgconf');

  48. 

  49.         if (!$homedir) {

  50.             return new enigma_error(enigma_error::INTERNAL,

  51.                 "Option 'enigma_pgp_homedir' not specified");

  52.         }

  53. 

  54.         // check if homedir exists (create it if not) and is readable

  55.         if (!file_exists($homedir)) {

  56.             return new enigma_error(enigma_error::INTERNAL,

  57.                 "Keys directory doesn't exists: $homedir");

  58.         }

  59.         if (!is_writable($homedir)) {

  60.             return new enigma_error(enigma_error::INTERNAL,

  61.                 "Keys directory isn't writeable: $homedir");

  62.         }

  63. 

  64.         $homedir = $homedir . '/' . $this->user;

  65. 

  66.         // check if user's homedir exists (create it if not) and is readable

  67.         if (!file_exists($homedir)) {

  68.             mkdir($homedir, 0700);

  69.         }

  70. 

  71.         if (!file_exists($homedir)) {

  72.             return new enigma_error(enigma_error::INTERNAL,

  73.                 "Unable to create keys directory: $homedir");

  74.         }

  75.         if (!is_writable($homedir)) {

  76.             return new enigma_error(enigma_error::INTERNAL,

  77.                 "Unable to write to keys directory: $homedir");

  78.         }

  79. 

  80.         $this->homedir = $homedir;

  81. 

  82.         $options = array('homedir' => $this->homedir);

  83. 

  84.         if ($debug) {

  85.             $options['debug'] = array($this, 'debug');

  86.         }

  87.         if ($binary) {

  88.             $options['binary'] = $binary;

  89.         }

  90.         if ($agent) {

  91.             $options['agent'] = $agent;

  92.         }

  93.         if ($gpgconf) {

  94.             $options['gpgconf'] = $gpgconf;

  95.         }

  96. 

  97.         // Create Crypt_GPG object

  98.         try {

  99.             $this->gpg = new Crypt_GPG($options);

  100.         }

  101.         catch (Exception $e) {

  102.             return $this->get_error_from_exception($e);

  103.         }

  104.     }

  105. 

  106.     /**

  107.      * Encryption (and optional signing).

  108.      *

  109.      * @param string     Message body

  110.      * @param array      List of keys (enigma_key objects)

  111.      * @param enigma_key Optional signing Key ID

  112.      *

  113.      * @return mixed Encrypted message or enigma_error on failure

  114.      */

  115.     function encrypt($text, $keys, $sign_key = null)

  116.     {

  117.         try {

  118.             foreach ($keys as $key) {

  119.                 $this->gpg->addEncryptKey($key->reference);

  120.             }

  121. 

  122.             if ($sign_key) {

  123.                 $this->gpg->addSignKey($sign_key->reference, $sign_key->password);

  124. 

  125.                 $res     = $this->gpg->encryptAndSign($text, true);

  126.                 $sigInfo = $this->gpg->getLastSignatureInfo();

  127. 

  128.                 $this->last_sig_algorithm = $sigInfo->getHashAlgorithmName();

  129. 

  130.                 return $res;

  131.             }

  132. 

  133.             return $this->gpg->encrypt($text, true);

  134.         }

  135.         catch (Exception $e) {

  136.             return $this->get_error_from_exception($e);

  137.         }

  138.     }

  139. 

  140.     /**

  141.      * Decrypt a message (and verify if signature found)

  142.      *

  143.      * @param string           Encrypted message

  144.      * @param array            List of key-password mapping

  145.      * @param enigma_signature Signature information (if available)

  146.      *

  147.      * @return mixed Decrypted message or enigma_error on failure

  148.      */

  149.     function decrypt($text, $keys = array(), &$signature = null)

  150.     {

  151.         try {

  152.             foreach ($keys as $key => $password) {

  153.                 $this->gpg->addDecryptKey($key, $password);

  154.             }

  155. 

  156.             $result = $this->gpg->decryptAndVerify($text, true);

  157. 

  158.             if (!empty($result['signatures'])) {

  159.                 $signature = $this->parse_signature($result['signatures'][0]);

  160.             }

  161. 

  162.             return $result['data'];

  163.         }

  164.         catch (Exception $e) {

  165.             return $this->get_error_from_exception($e);

  166.         }

  167.     }

  168. 

  169.     /**

  170.      * Signing.

  171.      *

  172.      * @param string     Message body

  173.      * @param enigma_key The key

  174.      * @param int        Signing mode (enigma_engine::SIGN_*)

  175.      *

  176.      * @return mixed True on success or enigma_error on failure

  177.      */

  178.     function sign($text, $key, $mode = null)

  179.     {

  180.         try {

  181.             $this->gpg->addSignKey($key->reference, $key->password);

  182. 

  183.             $res     = $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true);

  184.             $sigInfo = $this->gpg->getLastSignatureInfo();

  185. 

  186.             $this->last_sig_algorithm = $sigInfo->getHashAlgorithmName();

  187. 

  188.             return $res;

  189.         }

  190.         catch (Exception $e) {

  191.             return $this->get_error_from_exception($e);

  192.         }

  193.     }

  194. 

  195.     /**

  196.      * Signature verification.

  197.      *

  198.      * @param string Message body

  199.      * @param string Signature, if message is of type PGP/MIME and body doesn't contain it

  200.      *

  201.      * @return mixed Signature information (enigma_signature) or enigma_error

  202.      */

  203.     function verify($text, $signature)

  204.     {

  205.         try {

  206.             $verified = $this->gpg->verify($text, $signature);

  207.             return $this->parse_signature($verified[0]);

  208.         }

  209.         catch (Exception $e) {

  210.             return $this->get_error_from_exception($e);

  211.         }

  212.     }

  213. 

  214.     /**

  215.      * Key file import.

  216.      *

  217.      * @param string File name or file content

  218.      * @param bolean True if first argument is a filename

  219.      * @param array  Optional key => password map

  220.      *

  221.      * @return mixed Import status array or enigma_error

  222.      */

  223.     public function import($content, $isfile = false, $passwords = array())

  224.     {

  225.         try {

  226.             // GnuPG 2.1 requires secret key passphrases on import

  227.             foreach ($passwords as $keyid => $pass) {

  228.                 $this->gpg->addPassphrase($keyid, $pass);

  229.             }

  230. 

  231.             if ($isfile)

  232.                 return $this->gpg->importKeyFile($content);

  233.             else

  234.                 return $this->gpg->importKey($content);

  235.         }

  236.         catch (Exception $e) {

  237.             return $this->get_error_from_exception($e);

  238.         }

  239.     }

  240. 

  241.     /**

  242.      * Key export.

  243.      *

  244.      * @param string Key ID

  245.      * @param bool   Include private key

  246.      * @param array  Optional key => password map

  247.      *

  248.      * @return mixed Key content or enigma_error

  249.      */

  250.     public function export($keyid, $with_private = false, $passwords = array())

  251.     {

  252.         try {

  253.             $key = $this->gpg->exportPublicKey($keyid, true);

  254. 

  255.             if ($with_private) {

  256.                 // GnuPG 2.1 requires secret key passphrases on export

  257.                 foreach ($passwords as $_keyid => $pass) {

  258.                     $this->gpg->addPassphrase($_keyid, $pass);

  259.                 }

  260. 

  261.                 $priv = $this->gpg->exportPrivateKey($keyid, true);

  262.                 $key .= $priv;

  263.             }

  264. 

  265.             return $key;

  266.         }

  267.         catch (Exception $e) {

  268.             return $this->get_error_from_exception($e);

  269.         }

  270.     }

  271. 

  272.     /**

  273.      * Keys listing.

  274.      *

  275.      * @param string Optional pattern for key ID, user ID or fingerprint

  276.      *

  277.      * @return mixed Array of enigma_key objects or enigma_error

  278.      */

  279.     public function list_keys($pattern = '')

  280.     {

  281.         try {

  282.             $keys = $this->gpg->getKeys($pattern);

  283.             $result = array();

  284. 

  285.             foreach ($keys as $idx => $key) {

  286.                 $result[] = $this->parse_key($key);

  287.                 unset($keys[$idx]);

  288.             }

  289. 

  290.             return $result;

  291.         }

  292.         catch (Exception $e) {

  293.             return $this->get_error_from_exception($e);

  294.         }

  295.     }

  296. 

  297.     /**

  298.      * Single key information.

  299.      *

  300.      * @param string Key ID, user ID or fingerprint

  301.      *

  302.      * @return mixed Key (enigma_key) object or enigma_error

  303.      */

  304.     public function get_key($keyid)

  305.     {

  306.         $list = $this->list_keys($keyid);

  307. 

  308.         if (is_array($list)) {

  309.             return $list[key($list)];

  310.         }

  311. 

  312.         // error

  313.         return $list;

  314.     }

  315. 

  316.     /**

  317.      * Key pair generation.

  318.      *

  319.      * @param array Key/User data (user, email, password, size)

  320.      *

  321.      * @return mixed Key (enigma_key) object or enigma_error

  322.      */

  323.     public function gen_key($data)

  324.     {

  325.         try {

  326.             $debug  = $this->rc->config->get('enigma_debug');

  327.             $keygen = new Crypt_GPG_KeyGenerator(array(

  328.                     'homedir' => $this->homedir,

  329.                     // 'binary'  => '/usr/bin/gpg2',

  330.                     'debug'   => $debug ? array($this, 'debug') : false,

  331.             ));

  332. 

  333.             $key = $keygen

  334.                 ->setExpirationDate(0)

  335.                 ->setPassphrase($data['password'])

  336.                 ->generateKey($data['user'], $data['email']);

  337. 

  338.             return $this->parse_key($key);

  339.         }

  340.         catch (Exception $e) {

  341.             return $this->get_error_from_exception($e);

  342.         }

  343.     }

  344. 

  345.     /**

  346.      * Key deletion.

  347.      *

  348.      * @param string Key ID

  349.      *

  350.      * @return mixed True on success or enigma_error

  351.      */

  352.     public function delete_key($keyid)

  353.     {

  354.         // delete public key

  355.         $result = $this->delete_pubkey($keyid);

  356. 

  357.         // error handling

  358.         if ($result !== true) {

  359.             $code = $result->getCode();

  360. 

  361.             // if not found, delete private key

  362.             if ($code == enigma_error::KEYNOTFOUND) {

  363.                 $result = $this->delete_privkey($keyid);

  364.             }

  365.             // need to delete private key first

  366.             else if ($code == enigma_error::DELKEY) {

  367.                 $key = $this->get_key($keyid);

  368.                 for ($i = count($key->subkeys) - 1; $i >= 0; $i--) {

  369.                     $type = ($key->subkeys[$i]->usage & enigma_key::CAN_ENCRYPT) ? 'priv' : 'pub';

  370.                     $result = $this->{'delete_' . $type . 'key'}($key->subkeys[$i]->id);

  371.                     if ($result !== true) {

  372.                         return $result;

  373.                     }

  374.                 }

  375.             }

  376.         }

  377. 

  378.         return $result;

  379.     }

  380. 

  381.     /**

  382.      * Returns a name of the hash algorithm used for the last

  383.      * signing operation.

  384.      *

  385.      * @return string Hash algorithm name e.g. sha1

  386.      */

  387.     public function signature_algorithm()

  388.     {

  389.         return $this->last_sig_algorithm;

  390.     }

  391. 

  392.     /**

  393.      * Private key deletion.

  394.      */

  395.     protected function delete_privkey($keyid)

  396.     {

  397.         try {

  398.             $this->gpg->deletePrivateKey($keyid);

  399.             return true;

  400.         }

  401.         catch (Exception $e) {

  402.             return $this->get_error_from_exception($e);

  403.         }

  404.     }

  405. 

  406.     /**

  407.      * Public key deletion.

  408.      */

  409.     protected function delete_pubkey($keyid)

  410.     {

  411.         try {

  412.             $this->gpg->deletePublicKey($keyid);

  413.             return true;

  414.         }

  415.         catch (Exception $e) {

  416.             return $this->get_error_from_exception($e);

  417.         }

  418.     }

  419. 

  420.     /**

  421.      * Converts Crypt_GPG exception into Enigma's error object

  422.      *

  423.      * @param mixed Exception object

  424.      *

  425.      * @return enigma_error Error object

  426.      */

  427.     protected function get_error_from_exception($e)

  428.     {

  429.         $data = array();

  430. 

  431.         if ($e instanceof Crypt_GPG_KeyNotFoundException) {

  432.             $error = enigma_error::KEYNOTFOUND;

  433.             $data['id'] = $e->getKeyId();

  434.         }

  435.         else if ($e instanceof Crypt_GPG_BadPassphraseException) {

  436.             $error = enigma_error::BADPASS;

  437.             $data['bad']     = $e->getBadPassphrases();

  438.             $data['missing'] = $e->getMissingPassphrases();

  439.         }

  440.         else if ($e instanceof Crypt_GPG_NoDataException) {

  441.             $error = enigma_error::NODATA;

  442.         }

  443.         else if ($e instanceof Crypt_GPG_DeletePrivateKeyException) {

  444.             $error = enigma_error::DELKEY;

  445.         }

  446.         else {

  447.             $error = enigma_error::INTERNAL;

  448.         }

  449. 

  450.         $msg = $e->getMessage();

  451. 

  452.         return new enigma_error($error, $msg, $data);

  453.     }

  454. 

  455.     /**

  456.      * Converts Crypt_GPG_Signature object into Enigma's signature object

  457.      *

  458.      * @param Crypt_GPG_Signature Signature object

  459.      *

  460.      * @return enigma_signature Signature object

  461.      */

  462.     protected function parse_signature($sig)

  463.     {

  464.         $data = new enigma_signature();

  465. 

  466.         $data->id          = $sig->getId() ?: $sig->getKeyId();

  467.         $data->valid       = $sig->isValid();

  468.         $data->fingerprint = $sig->getKeyFingerprint();

  469.         $data->created     = $sig->getCreationDate();

  470.         $data->expires     = $sig->getExpirationDate();

  471. 

  472.         // In case of ERRSIG user may not be set

  473.         if ($user = $sig->getUserId()) {

  474.             $data->name    = $user->getName();

  475.             $data->comment = $user->getComment();

  476.             $data->email   = $user->getEmail();

  477.         }

  478. 

  479.         return $data;

  480.     }

  481. 

  482.     /**

  483.      * Converts Crypt_GPG_Key object into Enigma's key object

  484.      *

  485.      * @param Crypt_GPG_Key Key object

  486.      *

  487.      * @return enigma_key Key object

  488.      */

  489.     protected function parse_key($key)

  490.     {

  491.         $ekey = new enigma_key();

  492. 

  493.         foreach ($key->getUserIds() as $idx => $user) {

  494.             $id = new enigma_userid();

  495.             $id->name    = $user->getName();

  496.             $id->comment = $user->getComment();

  497.             $id->email   = $user->getEmail();

  498.             $id->valid   = $user->isValid();

  499.             $id->revoked = $user->isRevoked();

  500. 

  501.             $ekey->users[$idx] = $id;

  502.         }

  503. 

  504.         $ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>');

  505. 

  506.         // keep reference to Crypt_GPG's key for performance reasons

  507.         $ekey->reference = $key;

  508. 

  509.         foreach ($key->getSubKeys() as $idx => $subkey) {

  510.             $skey = new enigma_subkey();

  511.             $skey->id          = $subkey->getId();

  512.             $skey->revoked     = $subkey->isRevoked();

  513.             $skey->created     = $subkey->getCreationDate();

  514.             $skey->expires     = $subkey->getExpirationDate();

  515.             $skey->fingerprint = $subkey->getFingerprint();

  516.             $skey->has_private = $subkey->hasPrivate();

  517.             $skey->algorithm   = $subkey->getAlgorithm();

  518.             $skey->length      = $subkey->getLength();

  519.             $skey->usage       = $subkey->usage();

  520. 

  521.             $ekey->subkeys[$idx] = $skey;

  522.         };

  523. 

  524.         $ekey->id = $ekey->subkeys[0]->id;

  525. 

  526.         return $ekey;

  527.     }

  528. 

  529.     /**

  530.      * Write debug info from Crypt_GPG to logs/enigma

  531.      */

  532.     public function debug($line)

  533.     {

  534.         rcube::write_log('enigma', 'GPG: ' . $line);

  535.     }

  536. }