if(isset($_POST["gen_key"])){ if($privkey = openssl_get_privatekey(file_get

1. if(isset($_POST["gen_key"])){
2.  
3. if($privkey = openssl_get_privatekey(file_get_contents("tools/privkey.ec.pem"), $_ENV["PRIVKEY_PASSPHRASE"])){
4.  
5. $token = hash_pbkdf2("sha512", $_SESSION["password"], $_SESSION["pretoken"], 1000, 64, true);
6. $success = openssl_sign($_SESSION["username"].$token, $signature, $privkey, openssl_get_md_methods()[14]);
7. openssl_free_key($privkey);
8. if($success){
9. $pubkey = openssl_get_publickey(file_get_contents("tools/pubkey.ec.pem"));
10. $success = openssl_verify($_SESSION["username"].$token, $signature, $pubkey, openssl_get_md_methods()[14]);
11. openssl_free_key($pubkey);
12. if($success==1){
13. $user_credential_data = $_SESSION["username"]."\0".$signature;
14. if(isset($_POST["passphrase"]) && ($_POST["passphrase"] != "")){
15. $encrypted_prefix = "\xec";
16. $salt = random_bytes(16);
17. $pbkdf2_output = openssl_pbkdf2($_POST["passphrase"], $salt, 48, 100, "sha256");
18. $pbkdf2_arr = unpack('C*', $pbkdf2_output);
19. $encrypt_key = implode(array_map("chr", array_slice($pbkdf2_arr, 0, -16)));
20. $iv = implode(array_map("chr", array_slice($pbkdf2_arr, -16)));
21. error_log("keylen: ".strlen($encrypt_key).", ivlen: ".strlen($iv));
22. $encrypt_out = openssl_encrypt($user_credential_data, "aes-256-gcm", $encrypt_key, $options=OPENSSL_RAW_DATA, $iv, $tag);
23. if($encrypt_out !== false){
24. $user_credential_data = $encrypted_prefix . $salt . $encrypt_out . $tag;
25. }
26. else { error_log("OpenSSL encryption error, aborting key encryption"); }
27.  
28. }
29. $d_out = "TInyAuthKF".$user_credential_data;
30. $binname = tempnam("/tmp", "kfbin_");
31. $tifname = tempnam("/tmp", "kfti_");
32. error_log("File Names: ".$binname.", ".$tifname);
33. $tf = fopen($binname, "wb");
34. fwrite($tf, $d_out);
35. fclose($tf);
36. $cmd = "tools/convbin -i ".$binname." -j bin -o ".$tifname." -k 8xv -n TIAuthKF";
37. shell_exec($cmd);
38. header('Content-Type: application/octetstream; name="TInyAuthKF.8xv"');
39. header('Content-Type: application/octet-stream; name="TInyAuthKF.8xv"');
40. header('Content-Disposition: attachment; filename="TInyAuthKF.8xv"');
41. echo file_get_contents($tifname);
42. unlink($binname);
43. unlink($tifname);
44. exit();
45. }
46. else { $errors[] = "Signature not valid."; }
47. }
48. else { $errors[] = "Error generating downloadable keyfile."; }
49. }
50. else { $errors[] = "Error loading server private key."; }
51. }