Icontem

File: libs/classes/class.openssl.php

Recommend this page to a friend!
  Classes of Jason Gerfen  >  jQuery.pidCrypt  >  libs/classes/class.openssl.php  >  Download  
File: libs/classes/class.openssl.php
Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: jQuery.pidCrypt
Encrypt form values using RSA and AES
Author: By
Last change:
Date: 5 years ago
Size: 13,234 bytes
 

Contents

Class file image Download
<?php
/**
 * Handle openssl encryption functionality
 *
 * Generate private / public key pairs
 * Use RSA encrypt / decrypt functions
 * Use AES encrypt / decrypt functions
 * Parse x509 certificates
 * Generate and use x509 certificates for email signing
 * Generate pkcs#12 certificates
 *
 * LICENSE: This source file is subject to version 3.01 of the GPL license
 * that is available through the world-wide-web at the following URI:
 * http://www.gnu.org/licenses/gpl.html.  If you did not receive a copy of
 * the GPL License and are unable to obtain it through the web, please
 *
 * @category   encryption
 * @author     Jason Gerfen <jason.gerfen@gmail.com>
 * @copyright  2010-2011 Jason Gerfen
 * @license    http://www.gnu.org/licenses/gpl.html  GPL
 * @version    0.1
 */

/*!
 * @class openssl
 * @abstract Implement PHP openssl functions
 */
class openssl
{

 protected static $instance;
 private $handle=null;
 private $opt=array();
 private $dn=array();
 private $d=false;
 public $output;

 /*!
  * @function __construct
  * @abstract Private constructor tests for openssl libraries, sets up the
  *           required DN array and cipher options
  * @param $configuration Array Nested array of configuration options
  */
 private function __construct($configuration)
 {
  if (function_exists('openssl_pkey_new')){
   $this->setOpt($configuration);
   $this->setDN($configuration);
   $this->d = ($_SERVER["HTTP_X_REQUESTED_WITH"] === 'XMLHttpRequest') ? true : false;
   return;
  } else {
   unset($instance);
   exit('The openssl extensions are not loaded.');
  }
 }

 /*!
  * @function instance
  * @abstract Public class access method, implements __construct
  * @param $configuration Array Nested array of configuration options
  * @return object The class object
  */
 public static function instance($configuration, $killswitch=false)
 {
  if ((!isset(self::$instance))||($killswitch)){
   $c = __CLASS__;
   self::$instance = new self($configuration);
  }
  return self::$instance;
 }

 /*!
  * @function setOpt
  * @abstract Copies OpenSSL cipher options to private class array
  * @param $configuration Array Nested array of configuration options
  * @return array Cipher options
  */
 private function setOpt($configuration)
 {
  $this->opt = $configuration['config'];
 }

 /*!
  * @function setDN
  * @abstract Copies OpenSSL required location data to private class array
  * @param $configuration array Nested array of configuration options
  * @return array OpenSSL location (DN) information
  */
 private function setDN($configuration)
 {
  $this->dn = $configuration['dn'];
 }

 /*!
  * @function genRand
  * @abstract Wrapper for openssl_random_pseudo_bytes with graceful degrading
  *           for weak entropy sources
  * @param $int int Size of random bytes to produce
  * @return string
  */
 public function genRand($int = 2048)
 {
  return (function_exists('openssl_random_pseudo_bytes')) ? bin2hex(openssl_random_pseudo_bytes($int)) : bin2hex($this->altRand($int));
 }

 /*!
  * @function altRand
  * @abstract Alternative random seeder
  * @param $int int Size of random bytes to produce
  * @return string
  */
 public function altRand($int = 2048)
 {
  if (is_readable('/dev/random')){
   $f=fopen('/dev/random', 'r');
   if ($f){
    $urandom=fread($f, $int);
   } else {
    return $this->_altRand($int);
   }
   fclose($f);
  } else {
   return $this->_altRand($int);
  }
  $return='';
  for ($i=0;$i<$int;++$i){
   if (!isset($urandom)){
    if ($i%2==0){
     mt_srand(time()%2147 * 1000000 + (double)microtime() * 1000000);
    }
    $rand=48+mt_rand()%64;
   } else {
    $rand=48+ord($urandom[$i])%64;
    if ($rand>57){
     $rand+=7;
    }
    if ($rand>90){
     $rand+=6;
    }
    if ($rand==123) $rand=45;
    if ($rand==124) $rand=46;
    $return.=chr($rand);
   }
  }
  return $return;
 }

 /*!
  * @function _altRand
  * @abstract Alternative random seeder
  * @param $int int Size of random bytes to produce
  * @return string
  */
 public function _altRand($int = 2048)
 {
  for ($i=0;$i<$int;++$i){
   if ($i%2==0){
    mt_srand(time()%2147 * 1000000 + (double)microtime() * 1000000);
   }
   $rand=48+mt_rand()%64;
   $r.=chr($rand);
  }
  return $r;
 }

 /*!
  * @function genPriv
  * @abstract Public method of generating new private key
  * @param $password string Passphrase used for private key creation
  * @return object The private key object
  */
 public function genPriv($password)
 {
  $this->handle = openssl_pkey_new($this->opt);
  openssl_pkey_export($this->handle, $privatekey, $password, $this->opt);
  return $privatekey;
 }

 /*!
  * @function genPub
  * @abstract Public method of obtaining public key
  * @return array The public key and its bit size
  */
 public function genPub()
 {
  $results = openssl_pkey_get_details($this->handle);
  return $results['key'];
 }

 /*!
  * @function parsex509
  * @abstract Public method of parsing x.509 certificate
  * @param $certificate file or string x.509 certificate file or string
  * @return array The decoded x.509 certificate parameters
  */
 public function parsex509($certificate)
 {
  return openssl_x509_parse(openssl_x509_read($certificate));
 }

 /*!
  * @function createx509
  * @abstract Public method to create a signed x.509 certificate
  * @param $o array An array of options for both DN and SSL configuration opts
  * @param $p string The private key to create a new CSR with
  * @param $x string The password originally used to create private key
  * @return string The x.509 certificate
  */
 public function createx509($o, $p, $x, $f=false)
 {
  $a = openssl_pkey_get_private($p, $x);
  $b = openssl_csr_new($o['dn'], $a, $o['config']);
  $c = openssl_csr_sign($b, null, $a, 365);
  ($f===false) ? openssl_x509_export($c, $d) : openssl_x509_export_to_file($c, $f);
  return ($f===false) ? $d :$f;
 }

 /*!
  * @function signx509
  * @abstract Use a x.509 certificate to sign data
  * @param $fin string Path to file of email contents
  * @param $fout string Path to file once signed
  * @param $c string x.509 certificate used to sign email
  * @param $p mixed Private key or array of private key and password
  * @param $o array Array of header information regarding email
  */
 public function signx509($fin, $fout, $c, $p, $o)
 {
  openssl_pkcs7_sign($fin, $fout, $c, $p, $o);
  return $fout;
 }

 /*!
  * @function verifyx509
  * @abstract Verify a signed message
  * @param $fin string Path to file of email contents
  * @param $f integer PKCS7 flag
  * @param $fout string Path to file once signed
  * @param $c string x.509 certificate used to sign email
  * @param $p mixed Private key or array of private key and password
  * @param $o array Array of header information regarding email
  */
 public function verifyx509($fin, $fout, $c=array(), $p=null, $o=null, $f=PKCS7_TEXT)
 {
  openssl_pkcs7_verify($fin, $f, $fout, $c, $p, $o);
  return $fout;
 }

 /*!
  * @function encryptx509
  * @abstract Use public key to encrypt email
  * @param $fin string Path to file of email contents
  * @param $fout string Path to file once signed
  * @param $c string Public key used to encrypt data
  * @param $o array Array of header information regarding email
  */
 public function encryptx509($fin, $fout, $k, $o)
 {
  openssl_pkcs7_encrypt($fin, $fout, $k, $o);
  return $fout;
 }

 /*!
  * @function createpkcs12
  * @abstract Export a pkcs12 file for client auth from the x.509 certificate
  * @param $c string The x.509 certificate
  * @param $k string The private key to generate a new pkcs#12 file
  * @param $p string The password originally used to create private key
  * @return string The pkcs#12 certificate
  */
 public function createpkcs12($c, $k, $p, $a=array('friendly_name'=>'', 'extracerts'=>''), $f=false, $d=false)
 {
  $key = openssl_pkey_get_private($k, $p);
  ($f===false) ? openssl_pkcs12_export($c, $r, $key, $p, $a) : openssl_pkcs12_export_to_file($c, $r, $key, $p, $a);
  return $r;
 }

 /*!
  * @function readpkcs12
  * @abstract Read a pkcs12 file into an array
  * @param $c string The pkcs12 certificate
  * @param $p string The password originally used to create pkcs12 certificate
  * @return array The pkcs#12 certificate details
  */
 public function readpkcs12($c, $p)
 {
  openssl_pkcs12_read($c, $r, $p);
  return $r;
 }

 /*!
  * @function enc
  * @abstract Public method of encrypting data using private key
  * @param $private object Private key object used to encrypt data
  * @param $data string Data to be encrypted
  * @param $password string Passphrase used to create private key
  * @return string The encrypted data
  */
 public function enc($private, $data, $password)
 {
  if ((!empty($private))&&(!empty($data))) {
   $res = openssl_get_privatekey($private, $password);
   openssl_private_encrypt($data, $this->output, $res);
   return $this->output;
  } else {
   return FALSE;
  }
 }

 /*!
  * @function pubDenc
  * @abstract Public method of using public key to decrypt data that was
  *           encrypted using the private key
  * @param $crypt string Encrypted data
  * @param $key object Private key object used to create certificate
  * @return string The decrypted string
  */
 public function pubDenc($crypt, $key)
 {
  $res = (is_array($key)) ? openssl_get_publickey($key['key']) : openssl_get_publickey($key);
  ($this->d) ? openssl_public_decrypt($this->convertBin($crypt), $this->output, $res) : openssl_public_decrypt($crypt, $this->output, $res);
  return ($this->d) ? base64_decode($this->output) : $this->output;
 }

 /*!
  * @function privDenc
  * @abstract Public method of using the private key to decrypt data that was
  *           encrypted using the private key
  * @param $crypt string String to be encrypted
  * @param $key object Private key object used to create certificate
  * @param $pass string Passphrase used to generate private key
  * @return string The decrypted string
  */
 public function privDenc($crypt, $key, $pass)
 {
  $res = (is_array($key)) ? openssl_get_privatekey($key['key'], $pass) : openssl_get_privatekey($key, $pass);
  if (is_resource($res)){
   ($this->d) ? openssl_private_decrypt($this->convertBin($crypt), $this->output, $res) : openssl_private_decrypt($crypt, $this->output, $res);
  } else {
   return false;
  }
  return ($this->d) ? base64_decode($this->output) : $this->output;
 }

 /*!
  * @function aesEnc
  * @abstract Public method of encryption using AES
  * @param $data string String to be encrypted
  * @param $password string Passphrase used for encryption
  * @param $iv int Integer 16bits in length
  * @param $raw boolean Raw encryption
  * @param $cipher string Encryption cipher
  * @return string The encrypted string
  */
 public function aesEnc($data, $password, $iv='', $raw=false, $cipher='aes-256-cbc')
 {
  return openssl_encrypt($data, $cipher, $password, $raw, $iv);
 }

 /*!
  * @function aesDenc
  * @abstract Public method of decryption using AES
  * @param $data string String to be encrypted
  * @param $password string Passphrase used for encryption
  * @param $iv int Integer 16bits in length
  * @param $raw boolean Raw encryption
  * @param $cipher string Encryption cipher
  * @return string The decrypted string
  */
 public function aesDenc($data, $password, $iv='', $raw=false, $cipher='aes-256-cbc')
 {
  return openssl_decrypt($data, $cipher, $password, $raw, $iv);
 }

 /*!
  * @function sign
  * @abstract Sign specified data using private key
  * @param $data string Data to sign
  * @param $key string Private key
  * @param $algo boolean Signature algorithm (default sha512)
  * @return string The signature assocated with data
  */
 public function sign($data, $key, $pass=null, $algo="sha512")
 {
  $id = openssl_pkey_get_private($key, $pass);
  openssl_sign($data, $signature, $id, $algo);
  openssl_free_key($id);
  return ($signature) ? base64_encode($signature) : false;
 }

 /*!
  * @function verify
  * @abstract verify signature on data
  * @param $data string Data to verify
  * @param $public string Users public key
  * @param $algo boolean Signature algorithm (default sha512)
  * @return string The signature assocated with data
  */
 public function verify($data, $sig, $key, $algo="sha512")
 {
  $id = openssl_pkey_get_public($key);
  $r = openssl_verify($data, $sig, $id, $algo);
  openssl_free_key($id);
  return $r;
 }

 /*!
  * @function convertBin
  * @abstract Private function to convert hex data to binary
  * @param $key string Hexadecimal data
  * @return string The binary equivelant
  */
 private function convertBin($key)
 {
  $data='';
  $hexLength = strlen($key);
  if ($hexLength % 2 != 0 || preg_match("/[^\da-fA-F]/", $key)) return false;
  for ($x = 1; $x <= $hexLength / 2; $x++) {
   $data .= chr(hexdec(substr($key, 2 * $x - 2, 2)));
  }
  return $data;
 }
}
?>