commit | author | age
|
48e9c1
|
1 |
<?php |
58c279
|
2 |
|
AM |
3 |
/** |
48e9c1
|
4 |
+-------------------------------------------------------------------------+ |
T |
5 |
| GnuPG (PGP) driver for the Enigma Plugin | |
|
6 |
| | |
a99c34
|
7 |
| Copyright (C) 2010-2015 The Roundcube Dev Team | |
48e9c1
|
8 |
| | |
a99c34
|
9 |
| Licensed under the GNU General Public License version 3 or | |
AM |
10 |
| any later version with exceptions for skins & plugins. | |
|
11 |
| See the README file for a full license statement. | |
48e9c1
|
12 |
| | |
T |
13 |
+-------------------------------------------------------------------------+ |
|
14 |
| Author: Aleksander Machniak <alec@alec.pl> | |
|
15 |
+-------------------------------------------------------------------------+ |
|
16 |
*/ |
|
17 |
|
|
18 |
require_once 'Crypt/GPG.php'; |
|
19 |
|
|
20 |
class enigma_driver_gnupg extends enigma_driver |
|
21 |
{ |
cffe97
|
22 |
protected $rc; |
AM |
23 |
protected $gpg; |
|
24 |
protected $homedir; |
|
25 |
protected $user; |
a99c34
|
26 |
|
48e9c1
|
27 |
|
T |
28 |
function __construct($user) |
|
29 |
{ |
0878c8
|
30 |
$this->rc = rcmail::get_instance(); |
48e9c1
|
31 |
$this->user = $user; |
T |
32 |
} |
|
33 |
|
|
34 |
/** |
|
35 |
* Driver initialization and environment checking. |
|
36 |
* Should only return critical errors. |
|
37 |
* |
|
38 |
* @return mixed NULL on success, enigma_error on failure |
|
39 |
*/ |
|
40 |
function init() |
|
41 |
{ |
0878c8
|
42 |
$homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home'); |
6e4642
|
43 |
$debug = $this->rc->config->get('enigma_debug'); |
48e9c1
|
44 |
|
T |
45 |
if (!$homedir) |
cffe97
|
46 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
47 |
"Option 'enigma_pgp_homedir' not specified"); |
T |
48 |
|
|
49 |
// check if homedir exists (create it if not) and is readable |
|
50 |
if (!file_exists($homedir)) |
cffe97
|
51 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
52 |
"Keys directory doesn't exists: $homedir"); |
T |
53 |
if (!is_writable($homedir)) |
cffe97
|
54 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
55 |
"Keys directory isn't writeable: $homedir"); |
T |
56 |
|
|
57 |
$homedir = $homedir . '/' . $this->user; |
|
58 |
|
|
59 |
// check if user's homedir exists (create it if not) and is readable |
|
60 |
if (!file_exists($homedir)) |
|
61 |
mkdir($homedir, 0700); |
|
62 |
|
|
63 |
if (!file_exists($homedir)) |
cffe97
|
64 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
65 |
"Unable to create keys directory: $homedir"); |
T |
66 |
if (!is_writable($homedir)) |
cffe97
|
67 |
return new enigma_error(enigma_error::INTERNAL, |
48e9c1
|
68 |
"Unable to write to keys directory: $homedir"); |
T |
69 |
|
|
70 |
$this->homedir = $homedir; |
|
71 |
|
|
72 |
// Create Crypt_GPG object |
|
73 |
try { |
3e98f8
|
74 |
$this->gpg = new Crypt_GPG(array( |
48e9c1
|
75 |
'homedir' => $this->homedir, |
0878c8
|
76 |
// 'binary' => '/usr/bin/gpg2', |
6e4642
|
77 |
'debug' => $debug ? array($this, 'debug') : false, |
48e9c1
|
78 |
)); |
T |
79 |
} |
|
80 |
catch (Exception $e) { |
|
81 |
return $this->get_error_from_exception($e); |
|
82 |
} |
|
83 |
} |
|
84 |
|
a99c34
|
85 |
/** |
cffe97
|
86 |
* Encryption. |
a99c34
|
87 |
* |
cffe97
|
88 |
* @param string Message body |
AM |
89 |
* @param array List of key-password mapping |
|
90 |
* |
|
91 |
* @return mixed Encrypted message or enigma_error on failure |
a99c34
|
92 |
*/ |
48e9c1
|
93 |
function encrypt($text, $keys) |
T |
94 |
{ |
a99c34
|
95 |
try { |
AM |
96 |
foreach ($keys as $key) { |
|
97 |
$this->gpg->addEncryptKey($key); |
|
98 |
} |
|
99 |
|
cffe97
|
100 |
return $this->gpg->encrypt($text, true); |
3e98f8
|
101 |
} |
a99c34
|
102 |
catch (Exception $e) { |
AM |
103 |
return $this->get_error_from_exception($e); |
|
104 |
} |
48e9c1
|
105 |
} |
T |
106 |
|
0878c8
|
107 |
/** |
a99c34
|
108 |
* Decrypt a message |
0878c8
|
109 |
* |
AM |
110 |
* @param string Encrypted message |
|
111 |
* @param array List of key-password mapping |
cffe97
|
112 |
* |
AM |
113 |
* @return mixed Decrypted message or enigma_error on failure |
0878c8
|
114 |
*/ |
AM |
115 |
function decrypt($text, $keys = array()) |
48e9c1
|
116 |
{ |
T |
117 |
try { |
a99c34
|
118 |
foreach ($keys as $key => $password) { |
AM |
119 |
$this->gpg->addDecryptKey($key, $password); |
|
120 |
} |
|
121 |
|
cffe97
|
122 |
return $this->gpg->decrypt($text); |
48e9c1
|
123 |
} |
T |
124 |
catch (Exception $e) { |
|
125 |
return $this->get_error_from_exception($e); |
|
126 |
} |
|
127 |
} |
|
128 |
|
cffe97
|
129 |
/** |
AM |
130 |
* Signing. |
|
131 |
* |
|
132 |
* @param string Message body |
|
133 |
* @param string Key ID |
|
134 |
* @param string Key password |
|
135 |
* @param int Signing mode (enigma_engine::SIGN_*) |
|
136 |
* |
|
137 |
* @return mixed True on success or enigma_error on failure |
|
138 |
*/ |
a99c34
|
139 |
function sign($text, $key, $passwd, $mode = null) |
48e9c1
|
140 |
{ |
a99c34
|
141 |
try { |
AM |
142 |
$this->gpg->addSignKey($key, $passwd); |
|
143 |
return $this->gpg->sign($text, $mode, CRYPT_GPG::ARMOR_ASCII, true); |
|
144 |
} |
|
145 |
catch (Exception $e) { |
|
146 |
return $this->get_error_from_exception($e); |
|
147 |
} |
48e9c1
|
148 |
} |
T |
149 |
|
cffe97
|
150 |
/** |
AM |
151 |
* Signature verification. |
|
152 |
* |
|
153 |
* @param string Message body |
|
154 |
* @param string Signature, if message is of type PGP/MIME and body doesn't contain it |
|
155 |
* |
|
156 |
* @return mixed Signature information (enigma_signature) or enigma_error |
|
157 |
*/ |
48e9c1
|
158 |
function verify($text, $signature) |
T |
159 |
{ |
|
160 |
try { |
3e98f8
|
161 |
$verified = $this->gpg->verify($text, $signature); |
AM |
162 |
return $this->parse_signature($verified[0]); |
48e9c1
|
163 |
} |
T |
164 |
catch (Exception $e) { |
|
165 |
return $this->get_error_from_exception($e); |
|
166 |
} |
|
167 |
} |
|
168 |
|
cffe97
|
169 |
/** |
AM |
170 |
* Key file import. |
|
171 |
* |
|
172 |
* @param string File name or file content |
|
173 |
* @param bollean True if first argument is a filename |
|
174 |
* |
|
175 |
* @return mixed Import status array or enigma_error |
|
176 |
*/ |
48e9c1
|
177 |
public function import($content, $isfile=false) |
T |
178 |
{ |
|
179 |
try { |
|
180 |
if ($isfile) |
|
181 |
return $this->gpg->importKeyFile($content); |
|
182 |
else |
|
183 |
return $this->gpg->importKey($content); |
|
184 |
} |
|
185 |
catch (Exception $e) { |
|
186 |
return $this->get_error_from_exception($e); |
|
187 |
} |
|
188 |
} |
3e98f8
|
189 |
|
cffe97
|
190 |
/** |
AM |
191 |
* Key export. |
|
192 |
* |
|
193 |
* @param string Key ID |
|
194 |
* |
|
195 |
* @return mixed Key content or enigma_error |
|
196 |
*/ |
211929
|
197 |
public function export($keyid) |
AM |
198 |
{ |
|
199 |
try { |
|
200 |
return $this->gpg->exportPublicKey($keyid, true); |
|
201 |
} |
|
202 |
catch (Exception $e) { |
|
203 |
return $this->get_error_from_exception($e); |
|
204 |
} |
|
205 |
} |
|
206 |
|
cffe97
|
207 |
/** |
AM |
208 |
* Keys listing. |
|
209 |
* |
|
210 |
* @param string Optional pattern for key ID, user ID or fingerprint |
|
211 |
* |
|
212 |
* @return mixed Array of enigma_key objects or enigma_error |
|
213 |
*/ |
48e9c1
|
214 |
public function list_keys($pattern='') |
T |
215 |
{ |
|
216 |
try { |
3e98f8
|
217 |
$keys = $this->gpg->getKeys($pattern); |
48e9c1
|
218 |
$result = array(); |
0878c8
|
219 |
|
48e9c1
|
220 |
foreach ($keys as $idx => $key) { |
T |
221 |
$result[] = $this->parse_key($key); |
|
222 |
unset($keys[$idx]); |
|
223 |
} |
0878c8
|
224 |
|
3e98f8
|
225 |
return $result; |
48e9c1
|
226 |
} |
T |
227 |
catch (Exception $e) { |
|
228 |
return $this->get_error_from_exception($e); |
|
229 |
} |
|
230 |
} |
3e98f8
|
231 |
|
cffe97
|
232 |
/** |
AM |
233 |
* Single key information. |
|
234 |
* |
|
235 |
* @param string Key ID, user ID or fingerprint |
|
236 |
* |
|
237 |
* @return mixed Key (enigma_key) object or enigma_error |
|
238 |
*/ |
48e9c1
|
239 |
public function get_key($keyid) |
T |
240 |
{ |
|
241 |
$list = $this->list_keys($keyid); |
|
242 |
|
d5501a
|
243 |
if (is_array($list)) { |
AM |
244 |
return $list[key($list)]; |
|
245 |
} |
48e9c1
|
246 |
|
3e98f8
|
247 |
// error |
48e9c1
|
248 |
return $list; |
T |
249 |
} |
|
250 |
|
a0dfcb
|
251 |
/** |
AM |
252 |
* Key pair generation. |
|
253 |
* |
|
254 |
* @param array Key/User data (user, email, password, size) |
|
255 |
* |
|
256 |
* @return mixed Key (enigma_key) object or enigma_error |
|
257 |
*/ |
48e9c1
|
258 |
public function gen_key($data) |
T |
259 |
{ |
a0dfcb
|
260 |
try { |
6e4642
|
261 |
$debug = $this->rc->config->get('enigma_debug'); |
a0dfcb
|
262 |
$keygen = new Crypt_GPG_KeyGenerator(array( |
AM |
263 |
'homedir' => $this->homedir, |
|
264 |
// 'binary' => '/usr/bin/gpg2', |
6e4642
|
265 |
'debug' => $debug ? array($this, 'debug') : false, |
a0dfcb
|
266 |
)); |
AM |
267 |
|
|
268 |
$key = $keygen |
|
269 |
->setExpirationDate(0) |
|
270 |
->setPassphrase($data['password']) |
|
271 |
->generateKey($data['user'], $data['email']); |
|
272 |
|
|
273 |
return $this->parse_key($key); |
|
274 |
} |
|
275 |
catch (Exception $e) { |
|
276 |
return $this->get_error_from_exception($e); |
|
277 |
} |
48e9c1
|
278 |
} |
T |
279 |
|
cffe97
|
280 |
/** |
AM |
281 |
* Key deletion. |
|
282 |
* |
|
283 |
* @param string Key ID |
|
284 |
* |
|
285 |
* @return mixed True on success or enigma_error |
|
286 |
*/ |
0878c8
|
287 |
public function delete_key($keyid) |
48e9c1
|
288 |
{ |
0878c8
|
289 |
// delete public key |
AM |
290 |
$result = $this->delete_pubkey($keyid); |
|
291 |
|
d5501a
|
292 |
// error handling |
AM |
293 |
if ($result !== true) { |
|
294 |
$code = $result->getCode(); |
|
295 |
|
|
296 |
// if not found, delete private key |
cffe97
|
297 |
if ($code == enigma_error::KEYNOTFOUND) { |
d5501a
|
298 |
$result = $this->delete_privkey($keyid); |
AM |
299 |
} |
|
300 |
// need to delete private key first |
cffe97
|
301 |
else if ($code == enigma_error::DELKEY) { |
d5501a
|
302 |
$key = $this->get_key($keyid); |
AM |
303 |
for ($i = count($key->subkeys) - 1; $i >= 0; $i--) { |
13eb9b
|
304 |
$type = ($key->subkeys[$i]->usage & enigma_key::CAN_ENCRYPT) ? 'priv' : 'pub'; |
d5501a
|
305 |
$result = $this->{'delete_' . $type . 'key'}($key->subkeys[$i]->id); |
AM |
306 |
if ($result !== true) { |
|
307 |
return $result; |
|
308 |
} |
|
309 |
} |
|
310 |
} |
0878c8
|
311 |
} |
AM |
312 |
|
|
313 |
return $result; |
48e9c1
|
314 |
} |
3e98f8
|
315 |
|
cffe97
|
316 |
/** |
AM |
317 |
* Private key deletion. |
|
318 |
*/ |
|
319 |
protected function delete_privkey($keyid) |
48e9c1
|
320 |
{ |
T |
321 |
try { |
3e98f8
|
322 |
$this->gpg->deletePrivateKey($keyid); |
48e9c1
|
323 |
return true; |
T |
324 |
} |
|
325 |
catch (Exception $e) { |
|
326 |
return $this->get_error_from_exception($e); |
|
327 |
} |
|
328 |
} |
|
329 |
|
cffe97
|
330 |
/** |
AM |
331 |
* Public key deletion. |
|
332 |
*/ |
|
333 |
protected function delete_pubkey($keyid) |
48e9c1
|
334 |
{ |
T |
335 |
try { |
3e98f8
|
336 |
$this->gpg->deletePublicKey($keyid); |
48e9c1
|
337 |
return true; |
T |
338 |
} |
|
339 |
catch (Exception $e) { |
|
340 |
return $this->get_error_from_exception($e); |
|
341 |
} |
|
342 |
} |
3e98f8
|
343 |
|
48e9c1
|
344 |
/** |
T |
345 |
* Converts Crypt_GPG exception into Enigma's error object |
|
346 |
* |
|
347 |
* @param mixed Exception object |
|
348 |
* |
|
349 |
* @return enigma_error Error object |
|
350 |
*/ |
cffe97
|
351 |
protected function get_error_from_exception($e) |
48e9c1
|
352 |
{ |
T |
353 |
$data = array(); |
|
354 |
|
|
355 |
if ($e instanceof Crypt_GPG_KeyNotFoundException) { |
cffe97
|
356 |
$error = enigma_error::KEYNOTFOUND; |
48e9c1
|
357 |
$data['id'] = $e->getKeyId(); |
T |
358 |
} |
|
359 |
else if ($e instanceof Crypt_GPG_BadPassphraseException) { |
cffe97
|
360 |
$error = enigma_error::BADPASS; |
48e9c1
|
361 |
$data['bad'] = $e->getBadPassphrases(); |
T |
362 |
$data['missing'] = $e->getMissingPassphrases(); |
|
363 |
} |
a0dfcb
|
364 |
else if ($e instanceof Crypt_GPG_NoDataException) { |
cffe97
|
365 |
$error = enigma_error::NODATA; |
a0dfcb
|
366 |
} |
AM |
367 |
else if ($e instanceof Crypt_GPG_DeletePrivateKeyException) { |
cffe97
|
368 |
$error = enigma_error::DELKEY; |
a0dfcb
|
369 |
} |
AM |
370 |
else { |
cffe97
|
371 |
$error = enigma_error::INTERNAL; |
a0dfcb
|
372 |
} |
48e9c1
|
373 |
|
T |
374 |
$msg = $e->getMessage(); |
|
375 |
|
|
376 |
return new enigma_error($error, $msg, $data); |
|
377 |
} |
|
378 |
|
|
379 |
/** |
|
380 |
* Converts Crypt_GPG_Signature object into Enigma's signature object |
|
381 |
* |
|
382 |
* @param Crypt_GPG_Signature Signature object |
|
383 |
* |
|
384 |
* @return enigma_signature Signature object |
|
385 |
*/ |
cffe97
|
386 |
protected function parse_signature($sig) |
48e9c1
|
387 |
{ |
T |
388 |
$user = $sig->getUserId(); |
|
389 |
|
|
390 |
$data = new enigma_signature(); |
|
391 |
$data->id = $sig->getId(); |
|
392 |
$data->valid = $sig->isValid(); |
|
393 |
$data->fingerprint = $sig->getKeyFingerprint(); |
|
394 |
$data->created = $sig->getCreationDate(); |
|
395 |
$data->expires = $sig->getExpirationDate(); |
|
396 |
$data->name = $user->getName(); |
|
397 |
$data->comment = $user->getComment(); |
|
398 |
$data->email = $user->getEmail(); |
|
399 |
|
|
400 |
return $data; |
|
401 |
} |
|
402 |
|
|
403 |
/** |
|
404 |
* Converts Crypt_GPG_Key object into Enigma's key object |
|
405 |
* |
|
406 |
* @param Crypt_GPG_Key Key object |
|
407 |
* |
|
408 |
* @return enigma_key Key object |
|
409 |
*/ |
cffe97
|
410 |
protected function parse_key($key) |
48e9c1
|
411 |
{ |
T |
412 |
$ekey = new enigma_key(); |
|
413 |
|
|
414 |
foreach ($key->getUserIds() as $idx => $user) { |
|
415 |
$id = new enigma_userid(); |
|
416 |
$id->name = $user->getName(); |
|
417 |
$id->comment = $user->getComment(); |
|
418 |
$id->email = $user->getEmail(); |
|
419 |
$id->valid = $user->isValid(); |
|
420 |
$id->revoked = $user->isRevoked(); |
|
421 |
|
|
422 |
$ekey->users[$idx] = $id; |
|
423 |
} |
3e98f8
|
424 |
|
48e9c1
|
425 |
$ekey->name = trim($ekey->users[0]->name . ' <' . $ekey->users[0]->email . '>'); |
T |
426 |
|
|
427 |
foreach ($key->getSubKeys() as $idx => $subkey) { |
d5501a
|
428 |
$skey = new enigma_subkey(); |
AM |
429 |
$skey->id = $subkey->getId(); |
|
430 |
$skey->revoked = $subkey->isRevoked(); |
|
431 |
$skey->created = $subkey->getCreationDate(); |
|
432 |
$skey->expires = $subkey->getExpirationDate(); |
|
433 |
$skey->fingerprint = $subkey->getFingerprint(); |
|
434 |
$skey->has_private = $subkey->hasPrivate(); |
13eb9b
|
435 |
$skey->algorithm = $subkey->getAlgorithm(); |
AM |
436 |
$skey->length = $subkey->getLength(); |
c85242
|
437 |
$skey->usage = $subkey->usage(); |
48e9c1
|
438 |
|
d5501a
|
439 |
$ekey->subkeys[$idx] = $skey; |
48e9c1
|
440 |
}; |
3e98f8
|
441 |
|
48e9c1
|
442 |
$ekey->id = $ekey->subkeys[0]->id; |
3e98f8
|
443 |
|
48e9c1
|
444 |
return $ekey; |
T |
445 |
} |
6e4642
|
446 |
|
AM |
447 |
/** |
|
448 |
* Write debug info from Crypt_GPG to logs/enigma |
|
449 |
*/ |
|
450 |
public function debug($line) |
|
451 |
{ |
|
452 |
rcube::write_log('enigma', 'GPG: ' . $line); |
|
453 |
} |
48e9c1
|
454 |
} |