| commit | author | age | ||
| 48e9c1 | 1 | <?php |
| 58c279 | 2 | |
| AM | 3 | /** |
| 48e9c1 | 4 | +-------------------------------------------------------------------------+ |
| T | 5 | | GnuPG (PGP) driver for the Enigma Plugin | |
| 6 | | | | |
| a99c34 | 7 | | Copyright (C) 2010-2015 The Roundcube Dev Team | |
| 48e9c1 | 8 | | | |
| a99c34 | 9 | | Licensed under the GNU General Public License version 3 or | |
| AM | 10 | | any later version with exceptions for skins & plugins. | |
| 11 | | See the README file for a full license statement. | | |
| 48e9c1 | 12 | | | |
| T | 13 | +-------------------------------------------------------------------------+ |
| 14 | | Author: Aleksander Machniak <alec@alec.pl> | | |
| 15 | +-------------------------------------------------------------------------+ | |
| 16 | */ | |
| 17 | ||
| 18 | require_once 'Crypt/GPG.php'; | |
| 19 | ||
| 20 | class enigma_driver_gnupg extends enigma_driver | |
| 21 | { | |
| cffe97 | 22 | protected $rc; |
| AM | 23 | protected $gpg; |
| 24 | protected $homedir; | |
| 25 | protected $user; | |
| a99c34 | 26 | |
| 48e9c1 | 27 | |
| T | 28 | function __construct($user) |
| 29 | { | |
| 0878c8 | 30 | $this->rc = rcmail::get_instance(); |
| 48e9c1 | 31 | $this->user = $user; |
| T | 32 | } |
| 33 | ||
| 34 | /** | |
| 35 | * Driver initialization and environment checking. | |
| 36 | * Should only return critical errors. | |
| 37 | * | |
| 38 | * @return mixed NULL on success, enigma_error on failure | |
| 39 | */ | |
| 40 | function init() | |
| 41 | { | |
| 0878c8 | 42 | $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home'); |
| 48e9c1 | 43 | |
| T | 44 | if (!$homedir) |
| cffe97 | 45 | return new enigma_error(enigma_error::INTERNAL, |
| 48e9c1 | 46 | "Option 'enigma_pgp_homedir' not specified"); |
| T | 47 | |
| 48 | // check if homedir exists (create it if not) and is readable | |
| 49 | if (!file_exists($homedir)) | |
| cffe97 | 50 | return new enigma_error(enigma_error::INTERNAL, |
| 48e9c1 | 51 | "Keys directory doesn't exists: $homedir"); |
| T | 52 | if (!is_writable($homedir)) |
| cffe97 | 53 | return new enigma_error(enigma_error::INTERNAL, |
| 48e9c1 | 54 | "Keys directory isn't writeable: $homedir"); |
| T | 55 | |
| 56 | $homedir = $homedir . '/' . $this->user; | |
| 57 | ||
| 58 | // check if user's homedir exists (create it if not) and is readable | |
| 59 | if (!file_exists($homedir)) | |
| 60 | mkdir($homedir, 0700); | |
| 61 | ||
| 62 | if (!file_exists($homedir)) | |
| cffe97 | 63 | return new enigma_error(enigma_error::INTERNAL, |
| 48e9c1 | 64 | "Unable to create keys directory: $homedir"); |
| T | 65 | if (!is_writable($homedir)) |
| cffe97 | 66 | return new enigma_error(enigma_error::INTERNAL, |
| 48e9c1 | 67 | "Unable to write to keys directory: $homedir"); |
| T | 68 | |
| 69 | $this->homedir = $homedir; | |
| 70 | ||
| 71 | // Create Crypt_GPG object | |
| 72 | try { | |
| 3e98f8 | 73 | $this->gpg = new Crypt_GPG(array( |
| 48e9c1 | 74 | 'homedir' => $this->homedir, |
| 0878c8 | 75 | // 'binary' => '/usr/bin/gpg2', |
| AM | 76 | // 'debug' => true, |
| 48e9c1 | 77 | )); |
| T | 78 | } |
| 79 | catch (Exception $e) { | |
| 80 | return $this->get_error_from_exception($e); | |
| 81 | } | |
| 82 | } | |
| 83 | ||
| a99c34 | 84 | /** |
| cffe97 | 85 | * Encryption. |
| a99c34 | 86 | * |
| cffe97 | 87 | * @param string Message body |
| AM | 88 | * @param array List of key-password mapping |
| 89 | * | |
| 90 | * @return mixed Encrypted message or enigma_error on failure | |
| a99c34 | 91 | */ |
| 48e9c1 | 92 | function encrypt($text, $keys) |
| T | 93 | { |
| a99c34 | 94 | try { |
| AM | 95 | foreach ($keys as $key) { |
| 96 | $this->gpg->addEncryptKey($key); | |
| 97 | } | |
| 98 | ||
| cffe97 | 99 | return $this->gpg->encrypt($text, true); |
| 3e98f8 | 100 | } |
| a99c34 | 101 | catch (Exception $e) { |
| AM | 102 | return $this->get_error_from_exception($e); |
| 103 | } | |
| 48e9c1 | 104 | } |
| T | 105 | |
| 0878c8 | 106 | /** |
| a99c34 | 107 | * Decrypt a message |
| 0878c8 | 108 | * |
| AM | 109 | * @param string Encrypted message |
| 110 | * @param array List of key-password mapping | |
| cffe97 | 111 | * |
| AM | 112 | * @return mixed Decrypted message or enigma_error on failure |
| 0878c8 | 113 | */ |
| AM | 114 | function decrypt($text, $keys = array()) |
| 48e9c1 | 115 | { |
| T | 116 | try { |
| a99c34 | 117 | foreach ($keys as $key => $password) { |
| AM | 118 | $this->gpg->addDecryptKey($key, $password); |
| 119 | } | |
| 120 | ||
| cffe97 | 121 | return $this->gpg->decrypt($text); |
| 48e9c1 | 122 | } |
| T | 123 | catch (Exception $e) { |
| 124 | return $this->get_error_from_exception($e); | |
| 125 | } | |
| 126 | } | |
| 127 | ||
| cffe97 | 128 | /** |
| AM | 129 | * Signing. |
| 130 | * | |
| 131 | * @param string Message body | |
| 132 | * @param string Key ID | |
| 133 | * @param string Key password | |
| 134 | * @param int Signing mode (enigma_engine::SIGN_*) | |
| 135 | * | |
| 136 | * @return mixed True on success or enigma_error on failure | |
| 137 | */ | |
| a99c34 | 138 | function sign($text, $key, $passwd, $mode = null) |
| 48e9c1 | 139 | { |
| a99c34 | 140 | try { |
| AM | 141 | $this->gpg->addSignKey($key, $passwd); |
| 142 | return $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true); | |
| 143 | } | |
| 144 | catch (Exception $e) { | |
| 145 | return $this->get_error_from_exception($e); | |
| 146 | } | |
| 48e9c1 | 147 | } |
| T | 148 | |
| cffe97 | 149 | /** |
| AM | 150 | * Signature verification. |
| 151 | * | |
| 152 | * @param string Message body | |
| 153 | * @param string Signature, if message is of type PGP/MIME and body doesn't contain it | |
| 154 | * | |
| 155 | * @return mixed Signature information (enigma_signature) or enigma_error | |
| 156 | */ | |
| 48e9c1 | 157 | function verify($text, $signature) |
| T | 158 | { |
| 159 | try { | |
| 3e98f8 | 160 | $verified = $this->gpg->verify($text, $signature); |
| AM | 161 | return $this->parse_signature($verified[0]); |
| 48e9c1 | 162 | } |
| T | 163 | catch (Exception $e) { |
| 164 | return $this->get_error_from_exception($e); | |
| 165 | } | |
| 166 | } | |
| 167 | ||
| cffe97 | 168 | /** |
| AM | 169 | * Key file import. |
| 170 | * | |
| 171 | * @param string File name or file content | |
| 172 | * @param bollean True if first argument is a filename | |
| 173 | * | |
| 174 | * @return mixed Import status array or enigma_error | |
| 175 | */ | |
| 48e9c1 | 176 | public function import($content, $isfile=false) |
| T | 177 | { |
| 178 | try { | |
| 179 | if ($isfile) | |
| 180 | return $this->gpg->importKeyFile($content); | |
| 181 | else | |
| 182 | return $this->gpg->importKey($content); | |
| 183 | } | |
| 184 | catch (Exception $e) { | |
| 185 | return $this->get_error_from_exception($e); | |
| 186 | } | |
| 187 | } | |
| 3e98f8 | 188 | |
| cffe97 | 189 | /** |
| AM | 190 | * Key export. |
| 191 | * | |
| 192 | * @param string Key ID | |
| 193 | * | |
| 194 | * @return mixed Key content or enigma_error | |
| 195 | */ | |
| 211929 | 196 | public function export($keyid) |
| AM | 197 | { |
| 198 | try { | |
| 199 | return $this->gpg->exportPublicKey($keyid, true); | |
| 200 | } | |
| 201 | catch (Exception $e) { | |
| 202 | return $this->get_error_from_exception($e); | |
| 203 | } | |
| 204 | } | |
| 205 | ||
| cffe97 | 206 | /** |
| AM | 207 | * Keys listing. |
| 208 | * | |
| 209 | * @param string Optional pattern for key ID, user ID or fingerprint | |
| 210 | * | |
| 211 | * @return mixed Array of enigma_key objects or enigma_error | |
| 212 | */ | |
| 48e9c1 | 213 | public function list_keys($pattern='') |
| T | 214 | { |
| 215 | try { | |
| 3e98f8 | 216 | $keys = $this->gpg->getKeys($pattern); |
| 48e9c1 | 217 | $result = array(); |
| 0878c8 | 218 | |
| 48e9c1 | 219 | foreach ($keys as $idx => $key) { |
| T | 220 | $result[] = $this->parse_key($key); |
| 221 | unset($keys[$idx]); | |
| 222 | } | |
| 0878c8 | 223 | |
| 3e98f8 | 224 | return $result; |
| 48e9c1 | 225 | } |
| T | 226 | catch (Exception $e) { |
| 227 | return $this->get_error_from_exception($e); | |
| 228 | } | |
| 229 | } | |
| 3e98f8 | 230 | |
| cffe97 | 231 | /** |
| AM | 232 | * Single key information. |
| 233 | * | |
| 234 | * @param string Key ID, user ID or fingerprint | |
| 235 | * | |
| 236 | * @return mixed Key (enigma_key) object or enigma_error | |
| 237 | */ | |
| 48e9c1 | 238 | public function get_key($keyid) |
| T | 239 | { |
| 240 | $list = $this->list_keys($keyid); | |
| 241 | ||
| d5501a | 242 | if (is_array($list)) { |
| AM | 243 | return $list[key($list)]; |
| 244 | } | |
| 48e9c1 | 245 | |
| 3e98f8 | 246 | // error |
| 48e9c1 | 247 | return $list; |
| T | 248 | } |
| 249 | ||
| a0dfcb | 250 | /** |
| AM | 251 | * Key pair generation. |
| 252 | * | |
| 253 | * @param array Key/User data (user, email, password, size) | |
| 254 | * | |
| 255 | * @return mixed Key (enigma_key) object or enigma_error | |
| 256 | */ | |
| 48e9c1 | 257 | public function gen_key($data) |
| T | 258 | { |
| a0dfcb | 259 | try { |
| AM | 260 | $keygen = new Crypt_GPG_KeyGenerator(array( |
| 261 | 'homedir' => $this->homedir, | |
| 262 | // 'binary' => '/usr/bin/gpg2', | |
| 263 | // 'debug' => true, | |
| 264 | )); | |
| 265 | ||
| 266 | $key = $keygen | |
| 267 | ->setExpirationDate(0) | |
| 268 | ->setPassphrase($data['password']) | |
| 269 | ->generateKey($data['user'], $data['email']); | |
| 270 | ||
| 271 | return $this->parse_key($key); | |
| 272 | } | |
| 273 | catch (Exception $e) { | |
| 274 | return $this->get_error_from_exception($e); | |
| 275 | } | |
| 48e9c1 | 276 | } |
| T | 277 | |
| cffe97 | 278 | /** |
| AM | 279 | * Key deletion. |
| 280 | * | |
| 281 | * @param string Key ID | |
| 282 | * | |
| 283 | * @return mixed True on success or enigma_error | |
| 284 | */ | |
| 0878c8 | 285 | public function delete_key($keyid) |
| 48e9c1 | 286 | { |
| 0878c8 | 287 | // delete public key |
| AM | 288 | $result = $this->delete_pubkey($keyid); |
| 289 | ||
| d5501a | 290 | // error handling |
| AM | 291 | if ($result !== true) { |
| 292 | $code = $result->getCode(); | |
| 293 | ||
| 294 | // if not found, delete private key | |
| cffe97 | 295 | if ($code == enigma_error::KEYNOTFOUND) { |
| d5501a | 296 | $result = $this->delete_privkey($keyid); |
| AM | 297 | } |
| 298 | // need to delete private key first | |
| cffe97 | 299 | else if ($code == enigma_error::DELKEY) { |
| d5501a | 300 | $key = $this->get_key($keyid); |
| AM | 301 | for ($i = count($key->subkeys) - 1; $i >= 0; $i--) { |
| 13eb9b | 302 | $type = ($key->subkeys[$i]->usage & enigma_key::CAN_ENCRYPT) ? 'priv' : 'pub'; |
| d5501a | 303 | $result = $this->{'delete_' . $type . 'key'}($key->subkeys[$i]->id); |
| AM | 304 | if ($result !== true) { |
| 305 | return $result; | |
| 306 | } | |
| 307 | } | |
| 308 | } | |
| 0878c8 | 309 | } |
| AM | 310 | |
| 311 | return $result; | |
| 48e9c1 | 312 | } |
| 3e98f8 | 313 | |
| cffe97 | 314 | /** |
| AM | 315 | * Private key deletion. |
| 316 | */ | |
| 317 | protected function delete_privkey($keyid) | |
| 48e9c1 | 318 | { |
| T | 319 | try { |
| 3e98f8 | 320 | $this->gpg->deletePrivateKey($keyid); |
| 48e9c1 | 321 | return true; |
| T | 322 | } |
| 323 | catch (Exception $e) { | |
| 324 | return $this->get_error_from_exception($e); | |
| 325 | } | |
| 326 | } | |
| 327 | ||
| cffe97 | 328 | /** |
| AM | 329 | * Public key deletion. |
| 330 | */ | |
| 331 | protected function delete_pubkey($keyid) | |
| 48e9c1 | 332 | { |
| T | 333 | try { |
| 3e98f8 | 334 | $this->gpg->deletePublicKey($keyid); |
| 48e9c1 | 335 | return true; |
| T | 336 | } |
| 337 | catch (Exception $e) { | |
| 338 | return $this->get_error_from_exception($e); | |
| 339 | } | |
| 340 | } | |
| 3e98f8 | 341 | |
| a9d399 | 342 | public function pubkey_for_attach($email) |
| KF | 343 | { |
| 344 | try { | |
| 345 | $pubkey = $this->gpg->exportPublicKey($email, true); | |
| 346 | return $pubkey; | |
| 347 | } | |
| 348 | catch (Exception $e) { | |
| 349 | return $this->get_error_from_exception($e); | |
| 350 | } | |
| 351 | } | |
| 352 | ||
| 48e9c1 | 353 | /** |
| T | 354 | * Converts Crypt_GPG exception into Enigma's error object |
| 355 | * | |
| 356 | * @param mixed Exception object | |
| 357 | * | |
| 358 | * @return enigma_error Error object | |
| 359 | */ | |
| cffe97 | 360 | protected function get_error_from_exception($e) |
| 48e9c1 | 361 | { |
| T | 362 | $data = array(); |
| 363 | ||
| 364 | if ($e instanceof Crypt_GPG_KeyNotFoundException) { | |
| cffe97 | 365 | $error = enigma_error::KEYNOTFOUND; |
| 48e9c1 | 366 | $data['id'] = $e->getKeyId(); |
| T | 367 | } |
| 368 | else if ($e instanceof Crypt_GPG_BadPassphraseException) { | |
| cffe97 | 369 | $error = enigma_error::BADPASS; |
| 48e9c1 | 370 | $data['bad'] = $e->getBadPassphrases(); |
| T | 371 | $data['missing'] = $e->getMissingPassphrases(); |
| 372 | } | |
| a0dfcb | 373 | else if ($e instanceof Crypt_GPG_NoDataException) { |
| cffe97 | 374 | $error = enigma_error::NODATA; |
| a0dfcb | 375 | } |
| AM | 376 | else if ($e instanceof Crypt_GPG_DeletePrivateKeyException) { |
| cffe97 | 377 | $error = enigma_error::DELKEY; |
| a0dfcb | 378 | } |
| AM | 379 | else { |
| cffe97 | 380 | $error = enigma_error::INTERNAL; |
| a0dfcb | 381 | } |
| 48e9c1 | 382 | |
| T | 383 | $msg = $e->getMessage(); |
| 384 | ||
| 385 | return new enigma_error($error, $msg, $data); | |
| 386 | } | |
| 387 | ||
| 388 | /** | |
| 389 | * Converts Crypt_GPG_Signature object into Enigma's signature object | |
| 390 | * | |
| 391 | * @param Crypt_GPG_Signature Signature object | |
| 392 | * | |
| 393 | * @return enigma_signature Signature object | |
| 394 | */ | |
| cffe97 | 395 | protected function parse_signature($sig) |
| 48e9c1 | 396 | { |
| T | 397 | $user = $sig->getUserId(); |
| 398 | ||
| 399 | $data = new enigma_signature(); | |
| 400 | $data->id = $sig->getId(); | |
| 401 | $data->valid = $sig->isValid(); | |
| 402 | $data->fingerprint = $sig->getKeyFingerprint(); | |
| 403 | $data->created = $sig->getCreationDate(); | |
| 404 | $data->expires = $sig->getExpirationDate(); | |
| 405 | $data->name = $user->getName(); | |
| 406 | $data->comment = $user->getComment(); | |
| 407 | $data->email = $user->getEmail(); | |
| 408 | ||
| 409 | return $data; | |
| 410 | } | |
| 411 | ||
| 412 | /** | |
| 413 | * Converts Crypt_GPG_Key object into Enigma's key object | |
| 414 | * | |
| 415 | * @param Crypt_GPG_Key Key object | |
| 416 | * | |
| 417 | * @return enigma_key Key object | |
| 418 | */ | |
| cffe97 | 419 | protected function parse_key($key) |
| 48e9c1 | 420 | { |
| T | 421 | $ekey = new enigma_key(); |
| 422 | ||
| 423 | foreach ($key->getUserIds() as $idx => $user) { | |
| 424 | $id = new enigma_userid(); | |
| 425 | $id->name = $user->getName(); | |
| 426 | $id->comment = $user->getComment(); | |
| 427 | $id->email = $user->getEmail(); | |
| 428 | $id->valid = $user->isValid(); | |
| 429 | $id->revoked = $user->isRevoked(); | |
| 430 | ||
| 431 | $ekey->users[$idx] = $id; | |
| 432 | } | |
| 3e98f8 | 433 | |
| 48e9c1 | 434 | $ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>'); |
| T | 435 | |
| 436 | foreach ($key->getSubKeys() as $idx => $subkey) { | |
| d5501a | 437 | $skey = new enigma_subkey(); |
| AM | 438 | $skey->id = $subkey->getId(); |
| 439 | $skey->revoked = $subkey->isRevoked(); | |
| 440 | $skey->created = $subkey->getCreationDate(); | |
| 441 | $skey->expires = $subkey->getExpirationDate(); | |
| 442 | $skey->fingerprint = $subkey->getFingerprint(); | |
| 443 | $skey->has_private = $subkey->hasPrivate(); | |
| 13eb9b | 444 | $skey->algorithm = $subkey->getAlgorithm(); |
| AM | 445 | $skey->length = $subkey->getLength(); |
| c85242 | 446 | $skey->usage = $subkey->usage(); |
| 48e9c1 | 447 | |
| d5501a | 448 | $ekey->subkeys[$idx] = $skey; |
| 48e9c1 | 449 | }; |
| 3e98f8 | 450 | |
| 48e9c1 | 451 | $ekey->id = $ekey->subkeys[0]->id; |
| 3e98f8 | 452 | |
| 48e9c1 | 453 | return $ekey; |
| T | 454 | } |
| 455 | } | |
