oldkid/friendica
1
0
Fork 0
mirror of https://git.sekbaer.de/Friendica/friendica.git synced 2025-06-17 04:15:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #1683 from fabrixxm/issue-1655

Browse source 
Deprecate RINO1 function, implements RINO2, remove unused crypro functions
This commit is contained in:
Michael Vogel 2015-06-27 17:39:00 +02:00
commit b795bf2935
14 changed files with 1057 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

37
include/crypto.php
View file

@ -187,6 +187,7 @@ function salmon_key($pubkey) {
if(! function_exists('aes_decrypt')) {
// DEPRECATED IN 3.4.1
function aes_decrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@ -200,6 +201,7 @@ function aes_decrypt($val,$ky)
if(! function_exists('aes_encrypt')) {
// DEPRECATED IN 3.4.1
function aes_encrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@ -211,7 +213,6 @@ function aes_encrypt($val,$ky)
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
}}
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
@ -226,40 +227,6 @@ function pkcs5_unpad($text)
return substr($text, 0, -1 * $pad);
}
function AES256CBC_encrypt($data,$key,$iv) {
return mcrypt_encrypt(
MCRYPT_RIJNDAEL_128,
str_pad($key,32,"\0"),
pkcs5_pad($data,16),
MCRYPT_MODE_CBC,
str_pad($iv,16,"\0"));
}
function AES256CBC_decrypt($data,$key,$iv) {
return pkcs5_unpad(mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
str_pad($key,32,"\0"),
$data,
MCRYPT_MODE_CBC,
str_pad($iv,16,"\0")));
}
function aes_encapsulate($data,$pubkey) {
$key = random_string(32,RANDOM_STRING_TEXT);
$iv = random_string(16,RANDOM_STRING_TEXT);
$result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true);
openssl_public_encrypt($key,$k,$pubkey);
$result['key'] = base64url_encode($k,true);
openssl_public_encrypt($iv,$i,$pubkey);
$result['iv'] = base64url_encode($i,true);
return $result;
}
function aes_unencapsulate($data,$prvkey) {
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);
return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i);
}
function new_keypair($bits) {

63
include/items.php
View file

@ -15,6 +15,9 @@ require_once('include/plaintext.php');
require_once('include/ostatus.php');
require_once('mod/share.php');
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
@ -1983,13 +1986,13 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if($contact['duplex'] && $contact['issued-id'])
$idtosend = '1:' . $orig_id;
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
$rino = get_config('system','rino_encrypt');
$rino = intval($rino);
$rino_enable = get_config('system','rino_encrypt');
if(! $rino_enable)
$rino = 0;
$ssl_val = intval(get_config('system','ssl_policy'));
$ssl_policy = '';
@ -2006,7 +2009,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
break;
}
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
logger('dfrn_deliver: ' . $url);
@ -2037,7 +2040,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$challenge = hex2bin((string) $res->challenge);
$perm = (($res->perm) ? $res->perm : null);
$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
$rino_remote_version = intval($res->rino);
$page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
if($owner['page-flags'] == PAGE_PRVGROUP)
@ -2098,11 +2101,46 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if($page)
$postvars['page'] = $page;
if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key));
$postvars['data'] = $data;
logger('rino: sent key = ' . $key, LOGGER_DEBUG);
if($rino>0 && $rino_remote_version>0 && (! $dissolve)) {
logger('rino version: '. $rino_remote_version);
switch($rino_remote_version) {
case 1:
// Deprecated rino version!
$key = substr(random_string(),0,16);
$data = aes_encrypt($postvars['data'],$key);
break;
case 2:
// RINO 2 based on php-encryption
try {
$key = Crypto::createNewRandomKey();
} catch (CryptoTestFailed $ex) {
logger('Cannot safely create a key');
return -1;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely create a key');
return -1;
}
try {
$data = Crypto::encrypt($postvars['data'], $key);
} catch (CryptoTestFailed $ex) {
logger('Cannot safely perform encryption');
return -1;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely perform encryption');
return -1;
}
break;
default:
logger("rino: invalid requested verision '$rino_remote_version'");
return -1;
}
$postvars['rino'] = $rino_remote_version;
$postvars['data'] = bin2hex($data);
#logger('rino: sent key = ' . $key, LOGGER_DEBUG);
if($dfrn_version >= 2.1) {
@ -2129,6 +2167,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['key'] = bin2hex($postvars['key']);
}
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);