diff options
author | friendica <info@friendica.com> | 2013-11-20 15:20:12 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-11-20 15:20:12 -0800 |
commit | d7ee552c570f4fca760c3d1573f32c005cf73bb8 (patch) | |
tree | a5020a1a27472fe889d773a5e4e2b410930ceda7 | |
parent | f6c41e61ace7260dde49125487f9ec7142f48e4f (diff) | |
download | volse-hubzilla-d7ee552c570f4fca760c3d1573f32c005cf73bb8.tar.gz volse-hubzilla-d7ee552c570f4fca760c3d1573f32c005cf73bb8.tar.bz2 volse-hubzilla-d7ee552c570f4fca760c3d1573f32c005cf73bb8.zip |
Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable.
-rwxr-xr-x | boot.php | 10 | ||||
-rw-r--r-- | include/crypto.php | 16 | ||||
-rw-r--r-- | include/follow.php | 2 | ||||
-rwxr-xr-x | include/items.php | 26 | ||||
-rw-r--r-- | include/message.php | 16 | ||||
-rwxr-xr-x | include/text.php | 4 | ||||
-rw-r--r-- | include/zot.php | 10 | ||||
-rw-r--r-- | mod/editpost.php | 4 | ||||
-rw-r--r-- | mod/message.php | 2 | ||||
-rw-r--r-- | mod/post.php | 4 | ||||
-rw-r--r-- | mod/probe.php | 2 | ||||
-rw-r--r-- | mod/register.php | 8 |
12 files changed, 62 insertions, 42 deletions
@@ -803,12 +803,6 @@ class App { $scheme = $this->scheme; -// if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) { -// if(intval($this->config['system']['ssl_policy']) === intval(SSL_POLICY_FULL)) { -// $scheme = 'https'; -// } -// } - $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); return $this->baseurl; } @@ -995,6 +989,9 @@ class App { )) . $this->page['htmlhead']; } + // The following curl functions will go away once we've converted + // all instances of (fetch|post)_url() to z_(fetch|post)_url() + function set_curl_code($code) { $this->curl_code = $code; } @@ -1186,7 +1183,6 @@ function is_ajax() { // $_SERVER variables, and synchronising the state of installed plugins. - function check_config(&$a) { $build = get_config('system','db_version'); diff --git a/include/crypto.php b/include/crypto.php index a0268ef93..ca01814da 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) { str_pad($iv,16,"\0"))); } +function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + if($alg === 'aes256cbc') + return aes_encapsulate($data,$pubkey); + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); @@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) { $x = debug_backtrace(); logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true)); } + $result['alg'] = 'aes256cbc'; $result['key'] = base64url_encode($k,true); openssl_public_encrypt($iv,$i,$pubkey); $result['iv'] = base64url_encode($i,true); return $result; } +function crypto_unencapsulate($data,$prvkey) { + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); + if($alg === 'aes256cbc') + return aes_unencapsulate($data,$prvkey); + +} + + function aes_unencapsulate($data,$prvkey) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); diff --git a/include/follow.php b/include/follow.php index 10bcddf2b..5cf161304 100644 --- a/include/follow.php +++ b/include/follow.php @@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $global_perms = get_perms(); if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), diff --git a/include/items.php b/include/items.php index 7e21b9c4d..fabad6a63 100755 --- a/include/items.php +++ b/include/items.php @@ -644,9 +644,9 @@ function get_item_elements($x) { $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; $key = get_config('system','pubkey'); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } @@ -699,9 +699,9 @@ function encode_item($item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } if($item['item_restrict'] & ITEM_DELETED) { @@ -908,9 +908,9 @@ function encode_mail($item) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } $x['message_id'] = $item['mid']; @@ -963,10 +963,10 @@ function get_mail_elements($x) { $arr['mail_flags'] |= MAIL_OBSCURED; $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); @@ -1516,9 +1516,9 @@ function item_store($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -1887,9 +1887,9 @@ function item_store_update($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -2243,7 +2243,7 @@ function tag_deliver($uid,$item_id) { if($item['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($item['body']) - $body = aes_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); } else $body = $item['body']; diff --git a/include/message.php b/include/message.php index 2fca9bef0..a95021583 100644 --- a/include/message.php +++ b/include/message.php @@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $key = get_config('system','pubkey'); if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); + $subject = json_encode(crypto_encapsulate($subject,$key)); if($body) - $body = json_encode(aes_encapsulate($body,$key)); + $body = json_encode(crypto_encapsulate($body,$key)); @@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + $r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + $r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } @@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } @@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } diff --git a/include/text.php b/include/text.php index fc70e3509..780992f4a 100755 --- a/include/text.php +++ b/include/text.php @@ -1010,9 +1010,9 @@ function unobscure(&$item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } } diff --git a/include/zot.php b/include/zot.php index 1191cc221..a4a27ce9c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -82,7 +82,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ // Hush-hush ultra top-secret mode if($remote_key) { - $data = aes_encapsulate(json_encode($data),$remote_key); + $data = crypto_encapsulate(json_encode($data),$remote_key); } return json_encode($data); @@ -269,7 +269,7 @@ function zot_refresh($them,$channel = null) { if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), @@ -823,7 +823,7 @@ function zot_fetch($arr) { 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) ); - $datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); $fetch = zot_zot($url,$datatosend); $result = zot_import($fetch, $arr['sender']['url']); @@ -849,7 +849,7 @@ function zot_import($arr, $sender_url) { } if(array_key_exists('iv',$data)) { - $data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true); + $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } $incoming = $data['pickup']; @@ -861,7 +861,7 @@ function zot_import($arr, $sender_url) { $result = null; if(array_key_exists('iv',$i['notify'])) { - $i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true); + $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); diff --git a/mod/editpost.php b/mod/editpost.php index b01afe9b3..f25d6d21d 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -57,9 +57,9 @@ function editpost_content(&$a) { if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = aes_unencapsulate(json_decode_plus($itm[0]['title']),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = aes_unencapsulate(json_decode_plus($itm[0]['body']),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $tpl = get_markup_template("jot.tpl"); diff --git a/mod/message.php b/mod/message.php index f992a6fa1..a0382f63d 100644 --- a/mod/message.php +++ b/mod/message.php @@ -79,7 +79,7 @@ function message_post(&$a) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']); + $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions); logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA); diff --git a/mod/post.php b/mod/post.php index 2778621d3..64e08e632 100644 --- a/mod/post.php +++ b/mod/post.php @@ -172,7 +172,7 @@ function post_post(&$a) { */ if(array_key_exists('iv',$data)) { - $data = aes_unencapsulate($data,get_config('system','prvkey')); + $data = crypto_unencapsulate($data,get_config('system','prvkey')); logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA); // susceptible to Bleichenbacher's attack @@ -312,7 +312,7 @@ function post_post(&$a) { ); } } - $encrypted = aes_encapsulate(json_encode($ret),$sitekey); + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); json_return_and_die($encrypted); /** pickup: end */ diff --git a/mod/probe.php b/mod/probe.php index bd792d52e..e2dd4ef77 100644 --- a/mod/probe.php +++ b/mod/probe.php @@ -26,7 +26,7 @@ function probe_content(&$a) { $j = json_decode($res['body'],true); } if($j && $j['permissions'] && $j['permissions']['iv']) - $j['permissions'] = json_decode(aes_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); + $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); $o .= str_replace("\n",'<br />',print_r($j,true)); $o .= '</pre>'; } diff --git a/mod/register.php b/mod/register.php index bc1603f25..2040732ff 100644 --- a/mod/register.php +++ b/mod/register.php @@ -7,6 +7,14 @@ function register_init(&$a) { $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); + // Provide a stored request for somebody desiring a connection + // when they first need to register someplace. Once they've + // created a channel, we'll try to revive the connection request + // and process it. + + if($_REQUEST['connect']) + $_SESSION['connect'] = $_REQUEST['connect']; + switch($cmd) { case 'invite_check.json': $result = check_account_invite($_REQUEST['invite_code']); |