1 files changed, 67 insertions, 73 deletions

diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php
index 5a46aeeb6..f8c56a05f 100644
--- a/plugins/OStatus/classes/Magicsig.php
+++ b/plugins/OStatus/classes/Magicsig.php
@@ -40,8 +40,9 @@ class Magicsig extends Memcached_DataObject
     public $keypair;
     public $alg;
     
-    private $_rsa;
-
+    public $publicKey;
+    public $privateKey;
+    
     public function __construct($alg = 'RSA-SHA256')
     {
         $this->alg = $alg;
@@ -51,7 +52,15 @@ class Magicsig extends Memcached_DataObject
     {
         $obj =  parent::staticGet(__CLASS__, $k, $v);
         if (!empty($obj)) {
-            return Magicsig::fromString($obj->keypair);
+            $obj = Magicsig::fromString($obj->keypair);
+
+            // Double check keys: Crypt_RSA did not
+            // consistently generate good keypairs.
+            // We've also moved to 1024 bit keys.
+            if (strlen($obj->publicKey->modulus->toBits()) != 1024) {
+                $obj->delete();
+                return false;
+            }
         }
 
         return $obj;
@@ -70,9 +79,9 @@ class Magicsig extends Memcached_DataObject
     static function schemaDef()
     {
         return array(new ColumnDef('user_id', 'integer',
-                                   null, true, 'PRI'),
-                     new ColumnDef('keypair', 'varchar',
-                                   255, false),
+                                   null, false, 'PRI'),
+                     new ColumnDef('keypair', 'text',
+                                   false, false),
                      new ColumnDef('alg', 'varchar',
                                    64, false));
     }
@@ -99,17 +108,20 @@ class Magicsig extends Memcached_DataObject
         return parent::insert();
     }
 
-    public function generate($user_id, $key_length = 512)
+    public function generate($user_id)
     {
-        PEAR::pushErrorHandling(PEAR_ERROR_RETURN);
+        $rsa = new Crypt_RSA();
+        
+        $keypair = $rsa->createKey();
 
-        $keypair = new Crypt_RSA_KeyPair($key_length);
-        $params['public_key'] = $keypair->getPublicKey();
-        $params['private_key'] = $keypair->getPrivateKey();
+        $rsa->loadKey($keypair['privatekey']);
 
-        $this->_rsa = new Crypt_RSA($params);
-        PEAR::popErrorHandling();
+        $this->privateKey = new Crypt_RSA();
+        $this->privateKey->loadKey($keypair['privatekey']);
 
+        $this->publicKey = new Crypt_RSA();
+        $this->publicKey->loadKey($keypair['publickey']);
+        
         $this->user_id = $user_id;
         $this->insert();
     }
@@ -117,14 +129,11 @@ class Magicsig extends Memcached_DataObject
 
     public function toString($full_pair = true)
     {
-        $public_key = $this->_rsa->_public_key;
-        $private_key = $this->_rsa->_private_key;
-
-        $mod = base64_url_encode($public_key->getModulus());
-        $exp = base64_url_encode($public_key->getExponent());
+        $mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
+        $exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
         $private_exp = '';
-        if ($full_pair && $private_key->getExponent()) {
-            $private_exp = '.' . base64_url_encode($private_key->getExponent());
+        if ($full_pair && $this->privateKey->exponent->toBytes()) {
+            $private_exp = '.' . Magicsig::base64_url_encode($this->privateKey->exponent->toBytes());
         }
 
         return 'RSA.' . $mod . '.' . $exp . $private_exp; 
@@ -132,8 +141,6 @@ class Magicsig extends Memcached_DataObject
     
     public static function fromString($text)
     {
-        PEAR::pushErrorHandling(PEAR_ERROR_RETURN);
-
         $magic_sig = new Magicsig();
         
         // remove whitespace
@@ -144,35 +151,40 @@ class Magicsig extends Memcached_DataObject
             return false;
         }
         
-        $mod = base64_url_decode($matches[1]);
-        $exp = base64_url_decode($matches[2]);
+        $mod = $matches[1];
+        $exp = $matches[2];
         if (!empty($matches[4])) {
-            $private_exp = base64_url_decode($matches[4]);
+            $private_exp = $matches[4];
         } else {
             $private_exp = false;
         }
 
-        $params['public_key'] = new Crypt_RSA_KEY($mod, $exp, 'public');
-        if ($params['public_key']->isError()) {
-            $error = $params['public_key']->getLastError();
-            common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
-            return false;
-        }
+        $magic_sig->loadKey($mod, $exp, 'public');
         if ($private_exp) {
-            $params['private_key'] = new Crypt_RSA_KEY($mod, $private_exp, 'private');
-            if ($params['private_key']->isError()) {
-                $error = $params['private_key']->getLastError();
-                common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
-                return false;
-            }
+            $magic_sig->loadKey($mod, $private_exp, 'private');
         }
 
-        $magic_sig->_rsa = new Crypt_RSA($params);
-        PEAR::popErrorHandling();
-
         return $magic_sig;
     }
 
+    public function loadKey($mod, $exp, $type = 'public')
+    {
+        common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")");
+
+        $rsa = new Crypt_RSA();
+        $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+        $rsa->setHash('sha256');
+        $rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256);
+        $rsa->k = strlen($rsa->modulus->toBytes());
+        $rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256);
+
+        if ($type == 'private') {
+            $this->privateKey = $rsa;
+        } else {
+            $this->publicKey = $rsa;
+        }
+    }
+    
     public function getName()
     {
         return $this->alg;
@@ -183,51 +195,33 @@ class Magicsig extends Memcached_DataObject
         switch ($this->alg) {
 
         case 'RSA-SHA256':
-            return 'magicsig_sha256';
+            return 'sha256';
         }
 
     }
     
     public function sign($bytes)
     {
-        $hash = $this->getHash();
-        $sig = $this->_rsa->createSign($bytes, null, $hash);
-        if ($this->_rsa->isError()) {
-            $error = $this->_rsa->getLastError();
-            common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
-            return false;
-        }
-
-        return $sig;
+        $sig = $this->privateKey->sign($bytes);
+        return Magicsig::base64_url_encode($sig);
     }
 
     public function verify($signed_bytes, $signature)
     {
-        $hash = $this->getHash();
-        $result =  $this->_rsa->validateSign($signed_bytes, $signature, null, $hash);
-        if ($this->_rsa->isError()) {
-            $error = $this->keypair->getLastError();
-            common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage());
-            return false;
-        }
-        return $result;
+        $signature = Magicsig::base64_url_decode($signature);
+        return $this->publicKey->verify($signed_bytes, $signature);
     }
-        
-}
 
-// Define a sha256 function for hashing
-// (Crypt_RSA should really be updated to use hash() )
-function magicsig_sha256($bytes)
-{
-    return hash('sha256', $bytes);
-}
 
-function base64_url_encode($input)
-{
-    return strtr(base64_encode($input), '+/', '-_');
+    public static function base64_url_encode($input)
+    {
+        return strtr(base64_encode($input), '+/', '-_');
+    }
+
+    public static function base64_url_decode($input)
+    {
+        return base64_decode(strtr($input, '-_', '+/'));
+    }
 }
 
-function base64_url_decode($input)
-{
-    return base64_decode(strtr($input, '-_', '+/'));
-}
\ No newline at end of file
+