-
Notifications
You must be signed in to change notification settings - Fork 2
/
helpers.inc
99 lines (91 loc) · 3.22 KB
/
helpers.inc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
function forward_command_for_user_and_constituency_with_user_codes($main_server_script) {
$data = get_signed_data();
if(isset($data['user_id']) && isset($data['constituency_id'])){
$post_vars = array();
$post_vars['user_code'] = db_anon::get_user_code($data['user_id']);
$post_vars['constituency_id'] = $data['constituency_id'];
$reply = curl_to_main_server($main_server_script, $post_vars);
echo $reply == "success"
? "success"
: "failed - reply from $main_server_script: $reply";
}
else echo "user_id or constituency_id was not posted";
}
function get_signed_data() {
$serial_data = $_POST['data'];
$signature = $_POST['sign'];
verify($signature, $serial_data);
$data = unserialize($serial_data);
return $data;
}
function verify($signature, $plaintext) {
include_once('Crypt/RSA.php');
$computed_hash = hash('sha256', $plaintext);
$rsa = new Crypt_RSA();
$rsa->loadKey(DD_PUBLIC_KEY);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$hash = $rsa->decrypt($signature);
if ($hash != $computed_hash)
throw new \Exception('Invalid message: ' . $plaintext
. '. Hash missmatch, provided: ' . $hash
. ', computed: ' . $computed_hash);
}
function GenerateRandomString ($length)
{
$Allowed_Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$random_string = "";
for($i=0; $i<$length; $i++)
{
$offset = mt_rand(0,61);
if ($offset >= strlen($Allowed_Chars))
throw new Exception('Tried to generate string from invalid char at offset: ' . $offset);
$random_string .= $Allowed_Chars[$offset];
}
return $random_string;
}
function curl_to_main_server ($main_server_script, $post_vars = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, MAIN_SERVER_URL . $main_server_script);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$signed_data = sign($post_vars);
$post_data = http_build_query($signed_data);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$reply = curl_exec($ch);
curl_close($ch);
return $reply;
}
function sign($post_vars) {
include_once('Crypt/RSA.php');
if (!$post_vars)
$post_vars = array();
$post_vars['salt'] = GenerateRandomString(20);
$serial_data = serialize($post_vars);
$hash = hash('sha256', $serial_data);
$rsa = new Crypt_RSA();
$rsa->loadKey(DD_ANON_PRIVATE_KEY);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$signature = $rsa->encrypt($hash);
$post_vars = array('sign' => $signature, 'data' => $serial_data);
return $post_vars;
}
function decrypt_ballot ($ballot)
{
// Ballot consist of RSA and AES part
$ballot_decoded = json_decode($ballot, true);
// decryption using phplibsec RSA library
include_once('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey(DD_ANON_PRIVATE_KEY);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ballot_rsa_decrypted = $rsa->decrypt(base64_decode($ballot_decoded['rsa']));
$ballot_rsa_decrypted_decoded = json_decode($ballot_rsa_decrypted, true);
// decryption using Giberish AES library
include('Crypt/GibberishAES.php');
$ballot_aes_decrypted = GibberishAES::dec($ballot_decoded['aes'], $ballot_rsa_decrypted_decoded['password']);
$ballot_aes_decrypted_decoded = json_decode($ballot_aes_decrypted, true);
return $ballot_aes_decrypted_decoded;
}
?>