commit | author | age
|
48e9c1
|
1 |
<?php |
58c279
|
2 |
|
AM |
3 |
/** |
48e9c1
|
4 |
+-------------------------------------------------------------------------+ |
T |
5 |
| GnuPG (PGP) driver for the Enigma Plugin | |
|
6 |
| | |
a99c34
|
7 |
| Copyright (C) 2010-2015 The Roundcube Dev Team | |
48e9c1
|
8 |
| | |
a99c34
|
9 |
| Licensed under the GNU General Public License version 3 or | |
AM |
10 |
| any later version with exceptions for skins & plugins. | |
|
11 |
| See the README file for a full license statement. | |
48e9c1
|
12 |
| | |
T |
13 |
+-------------------------------------------------------------------------+ |
|
14 |
| Author: Aleksander Machniak <alec@alec.pl> | |
|
15 |
+-------------------------------------------------------------------------+ |
|
16 |
*/ |
|
17 |
|
|
18 |
require_once 'Crypt/GPG.php'; |
|
19 |
|
|
20 |
class enigma_driver_gnupg extends enigma_driver |
|
21 |
{ |
cffe97
|
22 |
protected $rc; |
AM |
23 |
protected $gpg; |
|
24 |
protected $homedir; |
|
25 |
protected $user; |
a99c34
|
26 |
|
48e9c1
|
27 |
|
T |
28 |
function __construct($user) |
|
29 |
{ |
0878c8
|
30 |
$this->rc = rcmail::get_instance(); |
48e9c1
|
31 |
$this->user = $user; |
T |
32 |
} |
|
33 |
|
|
34 |
/** |
|
35 |
* Driver initialization and environment checking. |
|
36 |
* Should only return critical errors. |
|
37 |
* |
|
38 |
* @return mixed NULL on success, enigma_error on failure |
|
39 |
*/ |
|
40 |
function init() |
|
41 |
{ |
0878c8
|
42 |
$homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home'); |
48e9c1
|
43 |
|
T |
44 |
if (!$homedir) |
cffe97
|
45 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
46 |
"Option 'enigma_pgp_homedir' not specified"); |
T |
47 |
|
|
48 |
// check if homedir exists (create it if not) and is readable |
|
49 |
if (!file_exists($homedir)) |
cffe97
|
50 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
51 |
"Keys directory doesn't exists: $homedir"); |
T |
52 |
if (!is_writable($homedir)) |
cffe97
|
53 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
54 |
"Keys directory isn't writeable: $homedir"); |
T |
55 |
|
|
56 |
$homedir = $homedir . '/' . $this->user; |
|
57 |
|
|
58 |
// check if user's homedir exists (create it if not) and is readable |
|
59 |
if (!file_exists($homedir)) |
|
60 |
mkdir($homedir, 0700); |
|
61 |
|
|
62 |
if (!file_exists($homedir)) |
cffe97
|
63 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
64 |
"Unable to create keys directory: $homedir"); |
T |
65 |
if (!is_writable($homedir)) |
cffe97
|
66 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
67 |
"Unable to write to keys directory: $homedir"); |
T |
68 |
|
|
69 |
$this->homedir = $homedir; |
|
70 |
|
|
71 |
// Create Crypt_GPG object |
|
72 |
try { |
3e98f8
|
73 |
$this->gpg = new Crypt_GPG(array( |
48e9c1
|
74 |
'homedir' => $this->homedir, |
0878c8
|
75 |
// 'binary' => '/usr/bin/gpg2', |
AM |
76 |
// 'debug' => true, |
48e9c1
|
77 |
)); |
T |
78 |
} |
|
79 |
catch (Exception $e) { |
|
80 |
return $this->get_error_from_exception($e); |
|
81 |
} |
|
82 |
} |
|
83 |
|
a99c34
|
84 |
/** |
cffe97
|
85 |
* Encryption. |
a99c34
|
86 |
* |
cffe97
|
87 |
* @param string Message body |
AM |
88 |
* @param array List of key-password mapping |
|
89 |
* |
|
90 |
* @return mixed Encrypted message or enigma_error on failure |
a99c34
|
91 |
*/ |
48e9c1
|
92 |
function encrypt($text, $keys) |
T |
93 |
{ |
a99c34
|
94 |
try { |
AM |
95 |
foreach ($keys as $key) { |
|
96 |
$this->gpg->addEncryptKey($key); |
|
97 |
} |
|
98 |
|
cffe97
|
99 |
return $this->gpg->encrypt($text, true); |
3e98f8
|
100 |
} |
a99c34
|
101 |
catch (Exception $e) { |
AM |
102 |
return $this->get_error_from_exception($e); |
|
103 |
} |
48e9c1
|
104 |
} |
T |
105 |
|
0878c8
|
106 |
/** |
a99c34
|
107 |
* Decrypt a message |
0878c8
|
108 |
* |
AM |
109 |
* @param string Encrypted message |
|
110 |
* @param array List of key-password mapping |
cffe97
|
111 |
* |
AM |
112 |
* @return mixed Decrypted message or enigma_error on failure |
0878c8
|
113 |
*/ |
AM |
114 |
function decrypt($text, $keys = array()) |
48e9c1
|
115 |
{ |
T |
116 |
try { |
a99c34
|
117 |
foreach ($keys as $key => $password) { |
AM |
118 |
$this->gpg->addDecryptKey($key, $password); |
|
119 |
} |
|
120 |
|
cffe97
|
121 |
return $this->gpg->decrypt($text); |
48e9c1
|
122 |
} |
T |
123 |
catch (Exception $e) { |
|
124 |
return $this->get_error_from_exception($e); |
|
125 |
} |
|
126 |
} |
|
127 |
|
cffe97
|
128 |
/** |
AM |
129 |
* Signing. |
|
130 |
* |
|
131 |
* @param string Message body |
|
132 |
* @param string Key ID |
|
133 |
* @param string Key password |
|
134 |
* @param int Signing mode (enigma_engine::SIGN_*) |
|
135 |
* |
|
136 |
* @return mixed True on success or enigma_error on failure |
|
137 |
*/ |
a99c34
|
138 |
function sign($text, $key, $passwd, $mode = null) |
48e9c1
|
139 |
{ |
a99c34
|
140 |
try { |
AM |
141 |
$this->gpg->addSignKey($key, $passwd); |
|
142 |
return $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true); |
|
143 |
} |
|
144 |
catch (Exception $e) { |
|
145 |
return $this->get_error_from_exception($e); |
|
146 |
} |
48e9c1
|
147 |
} |
T |
148 |
|
cffe97
|
149 |
/** |
AM |
150 |
* Signature verification. |
|
151 |
* |
|
152 |
* @param string Message body |
|
153 |
* @param string Signature, if message is of type PGP/MIME and body doesn't contain it |
|
154 |
* |
|
155 |
* @return mixed Signature information (enigma_signature) or enigma_error |
|
156 |
*/ |
48e9c1
|
157 |
function verify($text, $signature) |
T |
158 |
{ |
|
159 |
try { |
3e98f8
|
160 |
$verified = $this->gpg->verify($text, $signature); |
AM |
161 |
return $this->parse_signature($verified[0]); |
48e9c1
|
162 |
} |
T |
163 |
catch (Exception $e) { |
|
164 |
return $this->get_error_from_exception($e); |
|
165 |
} |
|
166 |
} |
|
167 |
|
cffe97
|
168 |
/** |
AM |
169 |
* Key file import. |
|
170 |
* |
|
171 |
* @param string File name or file content |
|
172 |
* @param bollean True if first argument is a filename |
|
173 |
* |
|
174 |
* @return mixed Import status array or enigma_error |
|
175 |
*/ |
48e9c1
|
176 |
public function import($content, $isfile=false) |
T |
177 |
{ |
|
178 |
try { |
|
179 |
if ($isfile) |
|
180 |
return $this->gpg->importKeyFile($content); |
|
181 |
else |
|
182 |
return $this->gpg->importKey($content); |
|
183 |
} |
|
184 |
catch (Exception $e) { |
|
185 |
return $this->get_error_from_exception($e); |
|
186 |
} |
|
187 |
} |
3e98f8
|
188 |
|
cffe97
|
189 |
/** |
AM |
190 |
* Key export. |
|
191 |
* |
|
192 |
* @param string Key ID |
|
193 |
* |
|
194 |
* @return mixed Key content or enigma_error |
|
195 |
*/ |
211929
|
196 |
public function export($keyid) |
AM |
197 |
{ |
|
198 |
try { |
|
199 |
return $this->gpg->exportPublicKey($keyid, true); |
|
200 |
} |
|
201 |
catch (Exception $e) { |
|
202 |
return $this->get_error_from_exception($e); |
|
203 |
} |
|
204 |
} |
|
205 |
|
cffe97
|
206 |
/** |
AM |
207 |
* Keys listing. |
|
208 |
* |
|
209 |
* @param string Optional pattern for key ID, user ID or fingerprint |
|
210 |
* |
|
211 |
* @return mixed Array of enigma_key objects or enigma_error |
|
212 |
*/ |
48e9c1
|
213 |
public function list_keys($pattern='') |
T |
214 |
{ |
|
215 |
try { |
3e98f8
|
216 |
$keys = $this->gpg->getKeys($pattern); |
48e9c1
|
217 |
$result = array(); |
0878c8
|
218 |
|
48e9c1
|
219 |
foreach ($keys as $idx => $key) { |
T |
220 |
$result[] = $this->parse_key($key); |
|
221 |
unset($keys[$idx]); |
|
222 |
} |
0878c8
|
223 |
|
3e98f8
|
224 |
return $result; |
48e9c1
|
225 |
} |
T |
226 |
catch (Exception $e) { |
|
227 |
return $this->get_error_from_exception($e); |
|
228 |
} |
|
229 |
} |
3e98f8
|
230 |
|
cffe97
|
231 |
/** |
AM |
232 |
* Single key information. |
|
233 |
* |
|
234 |
* @param string Key ID, user ID or fingerprint |
|
235 |
* |
|
236 |
* @return mixed Key (enigma_key) object or enigma_error |
|
237 |
*/ |
48e9c1
|
238 |
public function get_key($keyid) |
T |
239 |
{ |
|
240 |
$list = $this->list_keys($keyid); |
|
241 |
|
d5501a
|
242 |
if (is_array($list)) { |
AM |
243 |
return $list[key($list)]; |
|
244 |
} |
48e9c1
|
245 |
|
3e98f8
|
246 |
// error |
48e9c1
|
247 |
return $list; |
T |
248 |
} |
|
249 |
|
a0dfcb
|
250 |
/** |
AM |
251 |
* Key pair generation. |
|
252 |
* |
|
253 |
* @param array Key/User data (user, email, password, size) |
|
254 |
* |
|
255 |
* @return mixed Key (enigma_key) object or enigma_error |
|
256 |
*/ |
48e9c1
|
257 |
public function gen_key($data) |
T |
258 |
{ |
a0dfcb
|
259 |
try { |
AM |
260 |
$keygen = new Crypt_GPG_KeyGenerator(array( |
|
261 |
'homedir' => $this->homedir, |
|
262 |
// 'binary' => '/usr/bin/gpg2', |
|
263 |
// 'debug' => true, |
|
264 |
)); |
|
265 |
|
|
266 |
$key = $keygen |
|
267 |
->setExpirationDate(0) |
|
268 |
->setPassphrase($data['password']) |
|
269 |
->generateKey($data['user'], $data['email']); |
|
270 |
|
|
271 |
return $this->parse_key($key); |
|
272 |
} |
|
273 |
catch (Exception $e) { |
|
274 |
return $this->get_error_from_exception($e); |
|
275 |
} |
48e9c1
|
276 |
} |
T |
277 |
|
cffe97
|
278 |
/** |
AM |
279 |
* Key deletion. |
|
280 |
* |
|
281 |
* @param string Key ID |
|
282 |
* |
|
283 |
* @return mixed True on success or enigma_error |
|
284 |
*/ |
0878c8
|
285 |
public function delete_key($keyid) |
48e9c1
|
286 |
{ |
0878c8
|
287 |
// delete public key |
AM |
288 |
$result = $this->delete_pubkey($keyid); |
|
289 |
|
d5501a
|
290 |
// error handling |
AM |
291 |
if ($result !== true) { |
|
292 |
$code = $result->getCode(); |
|
293 |
|
|
294 |
// if not found, delete private key |
cffe97
|
295 |
if ($code == enigma_error::KEYNOTFOUND) { |
d5501a
|
296 |
$result = $this->delete_privkey($keyid); |
AM |
297 |
} |
|
298 |
// need to delete private key first |
cffe97
|
299 |
else if ($code == enigma_error::DELKEY) { |
d5501a
|
300 |
$key = $this->get_key($keyid); |
AM |
301 |
for ($i = count($key->subkeys) - 1; $i >= 0; $i--) { |
13eb9b
|
302 |
$type = ($key->subkeys[$i]->usage & enigma_key::CAN_ENCRYPT) ? 'priv' : 'pub'; |
d5501a
|
303 |
$result = $this->{'delete_' . $type . 'key'}($key->subkeys[$i]->id); |
AM |
304 |
if ($result !== true) { |
|
305 |
return $result; |
|
306 |
} |
|
307 |
} |
|
308 |
} |
0878c8
|
309 |
} |
AM |
310 |
|
|
311 |
return $result; |
48e9c1
|
312 |
} |
3e98f8
|
313 |
|
cffe97
|
314 |
/** |
AM |
315 |
* Private key deletion. |
|
316 |
*/ |
|
317 |
protected function delete_privkey($keyid) |
48e9c1
|
318 |
{ |
T |
319 |
try { |
3e98f8
|
320 |
$this->gpg->deletePrivateKey($keyid); |
48e9c1
|
321 |
return true; |
T |
322 |
} |
|
323 |
catch (Exception $e) { |
|
324 |
return $this->get_error_from_exception($e); |
|
325 |
} |
|
326 |
} |
|
327 |
|
cffe97
|
328 |
/** |
AM |
329 |
* Public key deletion. |
|
330 |
*/ |
|
331 |
protected function delete_pubkey($keyid) |
48e9c1
|
332 |
{ |
T |
333 |
try { |
3e98f8
|
334 |
$this->gpg->deletePublicKey($keyid); |
48e9c1
|
335 |
return true; |
T |
336 |
} |
|
337 |
catch (Exception $e) { |
|
338 |
return $this->get_error_from_exception($e); |
|
339 |
} |
|
340 |
} |
3e98f8
|
341 |
|
a9d399
|
342 |
public function pubkey_for_attach($email) |
KF |
343 |
{ |
|
344 |
try { |
|
345 |
$pubkey = $this->gpg->exportPublicKey($email, true); |
|
346 |
return $pubkey; |
|
347 |
} |
|
348 |
catch (Exception $e) { |
|
349 |
return $this->get_error_from_exception($e); |
|
350 |
} |
|
351 |
} |
|
352 |
|
48e9c1
|
353 |
/** |
T |
354 |
* Converts Crypt_GPG exception into Enigma's error object |
|
355 |
* |
|
356 |
* @param mixed Exception object |
|
357 |
* |
|
358 |
* @return enigma_error Error object |
|
359 |
*/ |
cffe97
|
360 |
protected function get_error_from_exception($e) |
48e9c1
|
361 |
{ |
T |
362 |
$data = array(); |
|
363 |
|
|
364 |
if ($e instanceof Crypt_GPG_KeyNotFoundException) { |
cffe97
|
365 |
$error = enigma_error::KEYNOTFOUND; |
48e9c1
|
366 |
$data['id'] = $e->getKeyId(); |
T |
367 |
} |
|
368 |
else if ($e instanceof Crypt_GPG_BadPassphraseException) { |
cffe97
|
369 |
$error = enigma_error::BADPASS; |
48e9c1
|
370 |
$data['bad'] = $e->getBadPassphrases(); |
T |
371 |
$data['missing'] = $e->getMissingPassphrases(); |
|
372 |
} |
a0dfcb
|
373 |
else if ($e instanceof Crypt_GPG_NoDataException) { |
cffe97
|
374 |
$error = enigma_error::NODATA; |
a0dfcb
|
375 |
} |
AM |
376 |
else if ($e instanceof Crypt_GPG_DeletePrivateKeyException) { |
cffe97
|
377 |
$error = enigma_error::DELKEY; |
a0dfcb
|
378 |
} |
AM |
379 |
else { |
cffe97
|
380 |
$error = enigma_error::INTERNAL; |
a0dfcb
|
381 |
} |
48e9c1
|
382 |
|
T |
383 |
$msg = $e->getMessage(); |
|
384 |
|
|
385 |
return new enigma_error($error, $msg, $data); |
|
386 |
} |
|
387 |
|
|
388 |
/** |
|
389 |
* Converts Crypt_GPG_Signature object into Enigma's signature object |
|
390 |
* |
|
391 |
* @param Crypt_GPG_Signature Signature object |
|
392 |
* |
|
393 |
* @return enigma_signature Signature object |
|
394 |
*/ |
cffe97
|
395 |
protected function parse_signature($sig) |
48e9c1
|
396 |
{ |
T |
397 |
$user = $sig->getUserId(); |
|
398 |
|
|
399 |
$data = new enigma_signature(); |
|
400 |
$data->id = $sig->getId(); |
|
401 |
$data->valid = $sig->isValid(); |
|
402 |
$data->fingerprint = $sig->getKeyFingerprint(); |
|
403 |
$data->created = $sig->getCreationDate(); |
|
404 |
$data->expires = $sig->getExpirationDate(); |
|
405 |
$data->name = $user->getName(); |
|
406 |
$data->comment = $user->getComment(); |
|
407 |
$data->email = $user->getEmail(); |
|
408 |
|
|
409 |
return $data; |
|
410 |
} |
|
411 |
|
|
412 |
/** |
|
413 |
* Converts Crypt_GPG_Key object into Enigma's key object |
|
414 |
* |
|
415 |
* @param Crypt_GPG_Key Key object |
|
416 |
* |
|
417 |
* @return enigma_key Key object |
|
418 |
*/ |
cffe97
|
419 |
protected function parse_key($key) |
48e9c1
|
420 |
{ |
T |
421 |
$ekey = new enigma_key(); |
|
422 |
|
|
423 |
foreach ($key->getUserIds() as $idx => $user) { |
|
424 |
$id = new enigma_userid(); |
|
425 |
$id->name = $user->getName(); |
|
426 |
$id->comment = $user->getComment(); |
|
427 |
$id->email = $user->getEmail(); |
|
428 |
$id->valid = $user->isValid(); |
|
429 |
$id->revoked = $user->isRevoked(); |
|
430 |
|
|
431 |
$ekey->users[$idx] = $id; |
|
432 |
} |
3e98f8
|
433 |
|
48e9c1
|
434 |
$ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>'); |
T |
435 |
|
|
436 |
foreach ($key->getSubKeys() as $idx => $subkey) { |
d5501a
|
437 |
$skey = new enigma_subkey(); |
AM |
438 |
$skey->id = $subkey->getId(); |
|
439 |
$skey->revoked = $subkey->isRevoked(); |
|
440 |
$skey->created = $subkey->getCreationDate(); |
|
441 |
$skey->expires = $subkey->getExpirationDate(); |
|
442 |
$skey->fingerprint = $subkey->getFingerprint(); |
|
443 |
$skey->has_private = $subkey->hasPrivate(); |
13eb9b
|
444 |
$skey->algorithm = $subkey->getAlgorithm(); |
AM |
445 |
$skey->length = $subkey->getLength(); |
c85242
|
446 |
$skey->usage = $subkey->usage(); |
48e9c1
|
447 |
|
d5501a
|
448 |
$ekey->subkeys[$idx] = $skey; |
48e9c1
|
449 |
}; |
3e98f8
|
450 |
|
48e9c1
|
451 |
$ekey->id = $ekey->subkeys[0]->id; |
3e98f8
|
452 |
|
48e9c1
|
453 |
return $ekey; |
T |
454 |
} |
|
455 |
} |