| +-------------------------------------------------------------------------+ */ /* RFC2440: OpenPGP Message Format RFC3156: MIME Security with OpenPGP RFC3851: S/MIME */ class enigma_engine { private $rc; private $enigma; private $pgp_driver; private $smime_driver; public $decryptions = array(); public $signatures = array(); public $signed_parts = array(); /** * Plugin initialization. */ function __construct($enigma) { $rcmail = rcmail::get_instance(); $this->rc = $rcmail; $this->enigma = $enigma; } /** * PGP driver initialization. */ function load_pgp_driver() { if ($this->pgp_driver) return; $driver = 'enigma_driver_' . $this->rc->config->get('enigma_pgp_driver', 'gnupg'); $username = $this->rc->user->get_username(); // Load driver $this->pgp_driver = new $driver($username); if (!$this->pgp_driver) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: Unable to load PGP driver: $driver" ), true, true); } // Initialise driver $result = $this->pgp_driver->init(); if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: ".$result->getMessage() ), true, true); } } /** * S/MIME driver initialization. */ function load_smime_driver() { if ($this->smime_driver) return; $driver = 'enigma_driver_' . $this->rc->config->get('enigma_smime_driver', 'phpssl'); $username = $this->rc->user->get_username(); // Load driver $this->smime_driver = new $driver($username); if (!$this->smime_driver) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: Unable to load S/MIME driver: $driver" ), true, true); } // Initialise driver $result = $this->smime_driver->init(); if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: ".$result->getMessage() ), true, true); } } /** * Handler for plain/text message. * * @param array Reference to hook's parameters */ function parse_plain(&$p) { $part = $p['structure']; // Get message body from IMAP server $this->set_part_body($part, $p['object']->uid); // @TODO: big message body can be a file resource // PGP signed message if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $part->body)) { $this->parse_plain_signed($p); } // PGP encrypted message else if (preg_match('/^-----BEGIN PGP MESSAGE-----/', $part->body)) { $this->parse_plain_encrypted($p); } } /** * Handler for multipart/signed message. * * @param array Reference to hook's parameters */ function parse_signed(&$p) { $struct = $p['structure']; // S/MIME if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pkcs7-signature') { $this->parse_smime_signed($p); } // PGP/MIME: // The multipart/signed body MUST consist of exactly two parts. // The first part contains the signed data in MIME canonical format, // including a set of appropriate content headers describing the data. // The second body MUST contain the PGP digital signature. It MUST be // labeled with a content type of "application/pgp-signature". else if ($struct->parts[1] && $struct->parts[1]->mimetype == 'application/pgp-signature') { $this->parse_pgp_signed($p); } } /** * Handler for multipart/encrypted message. * * @param array Reference to hook's parameters */ function parse_encrypted(&$p) { $struct = $p['structure']; // S/MIME if ($struct->mimetype == 'application/pkcs7-mime') { $this->parse_smime_encrypted($p); } // PGP/MIME: // The multipart/encrypted MUST consist of exactly two parts. The first // MIME body part must have a content type of "application/pgp-encrypted". // This body contains the control information. // The second MIME body part MUST contain the actual encrypted data. It // must be labeled with a content type of "application/octet-stream". else if ($struct->parts[0] && $struct->parts[0]->mimetype == 'application/pgp-encrypted' && $struct->parts[1] && $struct->parts[1]->mimetype == 'application/octet-stream' ) { $this->parse_pgp_encrypted($p); } } /** * Handler for plain signed message. * Excludes message and signature bodies and verifies signature. * * @param array Reference to hook's parameters */ private function parse_plain_signed(&$p) { $this->load_pgp_driver(); $part = $p['structure']; // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $sig = $this->pgp_verify($part->body); } // @TODO: Handle big bodies using (temp) files // In this way we can use fgets on string as on file handle $fh = fopen('php://memory', 'br+'); // @TODO: fopen/fwrite errors handling if ($fh) { fwrite($fh, $part->body); rewind($fh); } $part->body = null; // Extract body (and signature?) while (!feof($fh)) { $line = fgets($fh, 1024); if ($part->body === null) $part->body = ''; else if (preg_match('/^-----BEGIN PGP SIGNATURE-----/', $line)) break; else $part->body .= $line; } // Remove "Hash" Armor Headers $part->body = preg_replace('/^.*\r*\n\r*\n/', '', $part->body); // de-Dash-Escape (RFC2440) $part->body = preg_replace('/(^|\n)- -/', '\\1-', $part->body); // Store signature data for display if (!empty($sig)) { $this->signed_parts[$part->mime_id] = $part->mime_id; $this->signatures[$part->mime_id] = $sig; } fclose($fh); } /** * Handler for PGP/MIME signed message. * Verifies signature. * * @param array Reference to hook's parameters */ private function parse_pgp_signed(&$p) { // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $this->load_pgp_driver(); $struct = $p['structure']; $msg_part = $struct->parts[0]; $sig_part = $struct->parts[1]; // Get bodies $this->set_part_body($msg_part, $p['object']->uid); $this->set_part_body($sig_part, $p['object']->uid); // Verify $sig = $this->pgp_verify($msg_part->body, $sig_part->body); // Store signature data for display $this->signatures[$struct->mime_id] = $sig; // Message can be multipart (assign signature to each subpart) if (!empty($msg_part->parts)) { foreach ($msg_part->parts as $part) $this->signed_parts[$part->mime_id] = $struct->mime_id; } else $this->signed_parts[$msg_part->mime_id] = $struct->mime_id; // Remove signature file from attachments list unset($struct->parts[1]); } } /** * Handler for S/MIME signed message. * Verifies signature. * * @param array Reference to hook's parameters */ private function parse_smime_signed(&$p) { // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $this->load_smime_driver(); $struct = $p['structure']; $msg_part = $struct->parts[0]; // Verify $sig = $this->smime_driver->verify($struct, $p['object']); // Store signature data for display $this->signatures[$struct->mime_id] = $sig; // Message can be multipart (assign signature to each subpart) if (!empty($msg_part->parts)) { foreach ($msg_part->parts as $part) $this->signed_parts[$part->mime_id] = $struct->mime_id; } else { $this->signed_parts[$msg_part->mime_id] = $struct->mime_id; } // Remove signature file from attachments list unset($struct->parts[1]); } } /** * Handler for plain encrypted message. * * @param array Reference to hook's parameters */ private function parse_plain_encrypted(&$p) { $this->load_pgp_driver(); $part = $p['structure']; // Get body $this->set_part_body($part, $p['object']->uid); // Decrypt $result = $this->pgp_decrypt($part->body); // Store decryption status $this->decryptions[$part->mime_id] = $result; // Parse decrypted message if ($result === true) { // @TODO } } /** * Handler for PGP/MIME encrypted message. * * @param array Reference to hook's parameters */ private function parse_pgp_encrypted(&$p) { $this->load_pgp_driver(); $struct = $p['structure']; $part = $struct->parts[1]; // Get body $this->set_part_body($part, $p['object']->uid); // Decrypt $result = $this->pgp_decrypt($part->body); $this->decryptions[$part->mime_id] = $result; //print_r($part); // Parse decrypted message if ($result === true) { // @TODO } else { // Make sure decryption status message will be displayed $part->type = 'content'; $p['object']->parts[] = $part; } } /** * Handler for S/MIME encrypted message. * * @param array Reference to hook's parameters */ private function parse_smime_encrypted(&$p) { // $this->load_smime_driver(); } /** * PGP signature verification. * * @param mixed Message body * @param mixed Signature body (for MIME messages) * * @return mixed enigma_signature or enigma_error */ private function pgp_verify(&$msg_body, $sig_body=null) { // @TODO: Handle big bodies using (temp) files // @TODO: caching of verification result $sig = $this->pgp_driver->verify($msg_body, $sig_body); if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND) rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: " . $sig->getMessage() ), true, false); return $sig; } /** * PGP message decryption. * * @param mixed Message body * * @return mixed True or enigma_error */ private function pgp_decrypt(&$msg_body) { // @TODO: Handle big bodies using (temp) files // @TODO: caching of verification result $key = ''; $pass = ''; // @TODO $result = $this->pgp_driver->decrypt($msg_body, $key, $pass); if ($result instanceof enigma_error) { $err_code = $result->getCode(); if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS))) rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: " . $result->getMessage() ), true, false); return $result; } // $msg_body = $result; return true; } /** * PGP keys listing. * * @param mixed Key ID/Name pattern * * @return mixed Array of keys or enigma_error */ function list_keys($pattern='') { $this->load_pgp_driver(); $result = $this->pgp_driver->list_keys($pattern); if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: " . $result->getMessage() ), true, false); } return $result; } /** * PGP key details. * * @param mixed Key ID * * @return mixed enigma_key or enigma_error */ function get_key($keyid) { $this->load_pgp_driver(); $result = $this->pgp_driver->get_key($keyid); if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: " . $result->getMessage() ), true, false); } return $result; } /** * PGP keys/certs importing. * * @param mixed Import file name or content * @param boolean True if first argument is a filename * * @return mixed Import status data array or enigma_error */ function import_key($content, $isfile=false) { $this->load_pgp_driver(); $result = $this->pgp_driver->import($content, $isfile); if ($result instanceof enigma_error) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Enigma plugin: " . $result->getMessage() ), true, false); } else { $result['imported'] = $result['public_imported'] + $result['private_imported']; $result['unchanged'] = $result['public_unchanged'] + $result['private_unchanged']; } return $result; } /** * Handler for keys/certs import request action */ function import_file() { $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $mime_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_POST); $storage = $this->rc->get_storage(); if ($uid && $mime_id) { $storage->set_folder($mbox); $part = $storage->get_message_part($uid, $mime_id); } if ($part && is_array($result = $this->import_key($part))) { $this->rc->output->show_message('enigma.keysimportsuccess', 'confirmation', array('new' => $result['imported'], 'old' => $result['unchanged'])); } else $this->rc->output->show_message('enigma.keysimportfailed', 'error'); $this->rc->output->send(); } /** * Checks if specified message part contains body data. * If body is not set it will be fetched from IMAP server. * * @param rcube_message_part Message part object * @param integer Message UID */ private function set_part_body($part, $uid) { // @TODO: Create such function in core // @TODO: Handle big bodies using file handles if (!isset($part->body)) { $part->body = $this->rc->storage->get_message_part( $uid, $part->mime_id, $part); } } }