aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-02-09 13:50:03 +0000
committerMario <mario@mariovavti.com>2021-02-09 13:50:03 +0000
commitb4693870ba647455e6bd0a3919a544130cee118b (patch)
tree97fe6de09c5ce3b5e6ed247c6a6105008631e79a
parent5aee2f172ecdf58e13dd328c787fd199c48d24c5 (diff)
downloadvolse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.tar.gz
volse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.tar.bz2
volse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.zip
port Lib/Crypto from zap
-rw-r--r--Zotlabs/Lib/Crypto.php205
-rw-r--r--Zotlabs/Lib/JSalmon.php4
-rw-r--r--Zotlabs/Lib/LDSignatures.php12
-rw-r--r--Zotlabs/Lib/Libzot.php16
-rw-r--r--Zotlabs/Lib/Zotfinger.php12
-rw-r--r--Zotlabs/Module/Channel.php3
-rw-r--r--Zotlabs/Module/Connedit.php3
-rw-r--r--Zotlabs/Module/Fhublocs.php22
-rw-r--r--Zotlabs/Module/Getfile.php3
-rw-r--r--Zotlabs/Module/Import.php5
-rw-r--r--Zotlabs/Module/Prate.php60
-rw-r--r--Zotlabs/Module/Probe.php17
-rw-r--r--Zotlabs/Module/Rate.php70
-rw-r--r--Zotlabs/Web/HTTPSig.php11
-rw-r--r--Zotlabs/Zot/Auth.php38
-rw-r--r--Zotlabs/Zot/Finger.php5
-rw-r--r--Zotlabs/Zot/Receiver.php20
-rw-r--r--Zotlabs/Zot6/Receiver.php15
-rw-r--r--boot.php4
-rw-r--r--include/account.php36
-rw-r--r--include/channel.php17
-rw-r--r--include/crypto.php7
-rw-r--r--include/dir_fns.php3
-rw-r--r--include/follow.php18
-rw-r--r--include/items.php7
-rw-r--r--include/text.php11
-rw-r--r--include/xchan.php13
-rw-r--r--include/zot.php111
-rw-r--r--tests/unit/Lib/KeyutilsTest.php2
-rw-r--r--tests/unit/Web/HttpSigTest.php6
-rw-r--r--vendor/composer/InstalledVersions.php4
-rw-r--r--vendor/composer/installed.php4
32 files changed, 502 insertions, 262 deletions
diff --git a/Zotlabs/Lib/Crypto.php b/Zotlabs/Lib/Crypto.php
new file mode 100644
index 000000000..3dba1bcf3
--- /dev/null
+++ b/Zotlabs/Lib/Crypto.php
@@ -0,0 +1,205 @@
+<?php
+
+namespace Zotlabs\Lib;
+use Exception;
+
+class Crypto {
+
+ public static $openssl_algorithms = [
+
+ // zot6 nickname, opensslname, keylength, ivlength
+
+ [ 'aes256ctr', 'aes-256-ctr', 32, 16 ],
+ [ 'camellia256cfb', 'camellia-256-cfb', 32, 16 ],
+ [ 'cast5cfb', 'cast5-cfb', 16, 8 ]
+
+ ];
+
+ public static function methods() {
+ $ret = [];
+
+ foreach(self::$openssl_algorithms as $ossl) {
+ $ret[] = $ossl[0] . '.oaep';
+ }
+
+ call_hooks('crypto_methods',$ret);
+ return $ret;
+ }
+
+ public static function signing_methods() {
+
+ $ret = [ 'sha256' ];
+ call_hooks('signing_methods',$ret);
+ return $ret;
+
+ }
+
+ public static function new_keypair($bits) {
+
+ $openssl_options = [
+ 'digest_alg' => 'sha1',
+ 'private_key_bits' => $bits,
+ 'encrypt_key' => false
+ ];
+
+ $conf = get_config('system','openssl_conf_file');
+
+ if ($conf) {
+ $openssl_options['config'] = $conf;
+ }
+
+ $result = openssl_pkey_new($openssl_options);
+
+ if (empty($result)) {
+ return false;
+ }
+
+ // Get private key
+
+ $response = [ 'prvkey' => '', 'pubkey' => '' ];
+
+ openssl_pkey_export($result, $response['prvkey']);
+
+ // Get public key
+ $pkey = openssl_pkey_get_details($result);
+ $response['pubkey'] = $pkey["key"];
+
+ return $response;
+
+ }
+
+ public static function sign($data,$key,$alg = 'sha256') {
+
+ if (! $key) {
+ return false;
+ }
+
+ $sig = '';
+ openssl_sign($data,$sig,$key,$alg);
+ return $sig;
+ }
+
+ public static function verify($data,$sig,$key,$alg = 'sha256') {
+
+ if (! $key) {
+ return false;
+ }
+
+ try {
+ $verify = openssl_verify($data,$sig,$key,$alg);
+ }
+ catch (Exception $e) {
+ $verify = (-1);
+ }
+
+ if ($verify === (-1)) {
+ while ($msg = openssl_error_string()) {
+ logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR);
+ }
+ btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR);
+ }
+
+ return (($verify > 0) ? true : false);
+ }
+
+ public static function encapsulate($data,$pubkey,$alg) {
+
+ if (! ($alg && $pubkey)) {
+ return $data;
+ }
+
+ $alg_base = $alg;
+ $padding = OPENSSL_PKCS1_PADDING;
+
+ $exts = explode('.',$alg);
+ if (count($exts) > 1) {
+ switch ($exts[1]) {
+ case 'oaep':
+ $padding = OPENSSL_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ break;
+ }
+ $alg_base = $exts[0];
+ }
+
+ $method = null;
+
+ foreach (self::$openssl_algorithms as $ossl) {
+ if ($ossl[0] === $alg_base) {
+ $method = $ossl;
+ break;
+ }
+ }
+
+ if ($method) {
+ $result = [ 'encrypted' => true ];
+
+ $key = openssl_random_pseudo_bytes(256);
+ $iv = openssl_random_pseudo_bytes(256);
+
+ $key1 = substr($key, 0, $method[2]);
+ $iv1 = substr($iv, 0, $method[3]);
+
+ $result['data'] = base64url_encode(openssl_encrypt($data,$method[1],$key1,OPENSSL_RAW_DATA,$iv1),true);
+
+ openssl_public_encrypt($key, $k, $pubkey, $padding);
+ openssl_public_encrypt($iv, $i, $pubkey, $padding);
+
+ $result['alg'] = $alg;
+ $result['key'] = base64url_encode($k,true);
+ $result['iv'] = base64url_encode($i,true);
+ return $result;
+
+ }
+ else {
+ $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ];
+ call_hooks('crypto_encapsulate', $x);
+ return $x['result'];
+ }
+ }
+
+ public static function unencapsulate($data,$prvkey) {
+
+ if (! (is_array($data) && array_key_exists('encrypted',$data) && array_key_exists('alg',$data) && $data['alg'])) {
+ logger('not encrypted');
+
+ return $data;
+ }
+
+ $alg_base = $data['alg'];
+ $padding = OPENSSL_PKCS1_PADDING;
+
+ $exts = explode('.',$data['alg']);
+ if (count($exts) > 1) {
+ switch ($exts[1]) {
+ case 'oaep':
+ $padding = OPENSSL_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ break;
+ }
+ $alg_base = $exts[0];
+ }
+
+ $method = null;
+
+ foreach (self::$openssl_algorithms as $ossl) {
+ if ($ossl[0] === $alg_base) {
+ $method = $ossl;
+ break;
+ }
+ }
+
+ if ($method) {
+ openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,$padding);
+ openssl_private_decrypt(base64url_decode($data['iv']), $i,$prvkey,$padding);
+ return openssl_decrypt(base64url_decode($data['data']),$method[1],substr($k,0,$method[2]),OPENSSL_RAW_DATA,substr($i,0,$method[3]));
+ }
+ else {
+ $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $data['alg'], 'result' => $data ];
+ call_hooks('crypto_unencapsulate',$x);
+ return $x['result'];
+ }
+ }
+}
diff --git a/Zotlabs/Lib/JSalmon.php b/Zotlabs/Lib/JSalmon.php
index 7f63cf914..f9fe99706 100644
--- a/Zotlabs/Lib/JSalmon.php
+++ b/Zotlabs/Lib/JSalmon.php
@@ -18,7 +18,7 @@ class JSalmon {
$precomputed = '.' . base64url_encode($data_type,true) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng';
- $signature = base64url_encode(rsa_sign($data . $precomputed, $key), true);
+ $signature = base64url_encode(Crypto::sign($data . $precomputed, $key), true);
return ([
'signed' => true,
@@ -54,7 +54,7 @@ class JSalmon {
$key = HTTPSig::get_key(EMPTY_STR,'zot6',base64url_decode($x['sigs']['key_id']));
logger('key: ' . print_r($key,true));
if($key['portable_id'] && $key['public_key']) {
- if(rsa_verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
+ if(Crypto::verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
logger('verified');
$ret = [ 'success' => true, 'signer' => $key['portable_id'], 'hubloc' => $key['hubloc'] ];
}
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php
index 2eba66ccf..1c2095f10 100644
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -12,7 +12,7 @@ class LDSignatures {
$ohash = self::hash(self::signable_options($data['signature']));
$dhash = self::hash(self::signable_data($data));
- $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+ $x = Crypto::verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
logger('LD-verify: ' . intval($x));
return $x;
@@ -35,11 +35,11 @@ class LDSignatures {
$ohash = self::hash(self::signable_options($options));
$dhash = self::hash(self::signable_data($data));
- $options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));
+ $options['signatureValue'] = base64_encode(Crypto::sign($ohash . $dhash,$channel['channel_prvkey']));
$signed = array_merge([
- '@context' => [
- ACTIVITYSTREAMS_JSONLD_REV,
+ '@context' => [
+ ACTIVITYSTREAMS_JSONLD_REV,
'https://w3id.org/security/v1' ],
],$options);
@@ -88,7 +88,7 @@ class LDSignatures {
return '';
jsonld_set_document_loader('jsonld_document_loader');
-
+
try {
$d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
}
@@ -117,7 +117,7 @@ class LDSignatures {
$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
- $signature = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey']));
+ $signature = base64url_encode(Crypto::sign($data . $precomputed,$channel['channel_prvkey']));
return ([
'id' => $arr['id'],
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 0ead8402e..a615cee6e 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -130,7 +130,7 @@ class Libzot {
if ($remote_key) {
$algorithm = self::best_algorithm($methods);
if ($algorithm) {
- $data = crypto_encapsulate(json_encode($data), $remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data), $remote_key, $algorithm);
}
}
@@ -143,7 +143,7 @@ class Libzot {
*
* @param string $methods
* Comma separated list of encryption methods
- * @return string first match from our site method preferences crypto_methods() array
+ * @return string first match from our site method preferences Crypto::methods() array
* of a method which is common to both sites; or 'aes256cbc' if no matches are found.
*/
static function best_algorithm($methods) {
@@ -167,7 +167,7 @@ class Libzot {
if ($methods) {
$x = explode(',', $methods);
if ($x) {
- $y = crypto_methods();
+ $y = Crypto::methods();
if ($y) {
foreach ($y as $yv) {
$yv = trim($yv);
@@ -763,8 +763,8 @@ class Libzot {
'xchan_guid' => $arr['id'],
'xchan_guid_sig' => $arr['id_sig'],
'xchan_pubkey' => $arr['public_key'],
- 'xchan_photo_mimetype' => $arr['photo']['type'],
- 'xchan_photo_l' => $arr['photo']['url'],
+ 'xchan_photo_mimetype' => $arr['photo_mimetype'],
+ 'xchan_photo_l' => $arr['photo'],
'xchan_addr' => escape_tags($arr['primary_location']['address']),
'xchan_url' => escape_tags($arr['primary_location']['url']),
'xchan_connurl' => $arr['primary_location']['connections_url'],
@@ -772,7 +772,7 @@ class Libzot {
'xchan_connpage' => $arr['connect_url'],
'xchan_name' => (($arr['name']) ? escape_tags($arr['name']) : '-'),
'xchan_network' => 'zot6',
- 'xchan_photo_date' => $arr['photo']['updated'],
+ 'xchan_photo_date' => $arr['photo_updated'],
'xchan_name_date' => $arr['name_updated'],
'xchan_hidden' => intval(1 - intval($arr['searchable'])),
'xchan_selfcensored' => $arr['adult_content'],
@@ -983,7 +983,7 @@ class Libzot {
logger('Headers: ' . print_r($arr['header'], true), LOGGER_DATA, LOG_DEBUG);
}
- $x = crypto_unencapsulate($x, get_config('system', 'prvkey'));
+ $x = Crypto::unencapsulate($x, get_config('system', 'prvkey'));
if (!is_array($x)) {
$x = json_decode($x, true);
@@ -3020,7 +3020,7 @@ class Libzot {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
- $ret['site']['encryption'] = crypto_methods();
+ $ret['site']['encryption'] = Crypto::methods();
$ret['site']['zot'] = System::get_zot_revision();
// hide detailed site information if you're off the grid
diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php
index faaf28f35..840d91403 100644
--- a/Zotlabs/Lib/Zotfinger.php
+++ b/Zotlabs/Lib/Zotfinger.php
@@ -18,8 +18,8 @@ class Zotfinger {
if($channel && $m) {
- $headers = [
- 'Accept' => 'application/x-zot+json',
+ $headers = [
+ 'Accept' => 'application/x-zot+json',
'Content-Type' => 'application/x-zot+json',
'X-Zot-Token' => random_string(),
'Digest' => HTTPSig::generate_digest_header($data),
@@ -29,9 +29,9 @@ class Zotfinger {
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
}
else {
- $h = [ 'Accept: application/x-zot+json' ];
+ $h = [ 'Accept: application/x-zot+json' ];
}
-
+
$result = [];
$redirects = 0;
@@ -43,11 +43,11 @@ class Zotfinger {
if ($verify) {
$result['signature'] = HTTPSig::verify($x, EMPTY_STR, 'zot6');
}
-
+
$result['data'] = json_decode($x['body'],true);
if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
- $result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+ $result['data'] = json_decode(Crypto::unencapsulate($result['data'],get_config('system','prvkey')),true);
}
logger('decrypted: ' . print_r($result,true));
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 915e0ea60..a513523a7 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -6,6 +6,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Activity;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\PermissionDescription;
use Zotlabs\Web\Controller;
@@ -70,7 +71,7 @@ class Channel extends Controller {
);
if ($s) {
- $data = json_encode(crypto_encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
+ $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
}
}
else {
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 582563451..44211c8b9 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -9,6 +9,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Libsync;
use Zotlabs\Daemon\Master;
@@ -178,7 +179,7 @@ class Connedit extends Controller {
if(! $is_self) {
$signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text;
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
$rated = ((intval($rating) || strlen($rating_text)) ? true : false);
diff --git a/Zotlabs/Module/Fhublocs.php b/Zotlabs/Module/Fhublocs.php
index dcd399a1f..42dac5b12 100644
--- a/Zotlabs/Module/Fhublocs.php
+++ b/Zotlabs/Module/Fhublocs.php
@@ -15,12 +15,12 @@ class Fhublocs extends \Zotlabs\Web\Controller {
if(! is_site_admin())
return;
-
+
$o = '';
-
+
$r = q("select * from channel where channel_removed = 0");
$sitekey = get_config('system','pubkey');
-
+
if($r) {
foreach($r as $rr) {
@@ -38,14 +38,14 @@ class Fhublocs extends \Zotlabs\Web\Controller {
if($found) {
$o .= 'Hubloc exists for ' . $rr['channel_name'] . EOL;
continue;
- }
+ }
}
$y = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1",
dbesc($rr['channel_hash'])
);
if($y)
$primary_address = $y[0]['xchan_addr'];
-
+
$hub_address = channel_reddress($rr);
$primary = (($hub_address === $primary_address) ? 1 : 0);
@@ -56,9 +56,9 @@ class Fhublocs extends \Zotlabs\Web\Controller {
dbesc($rr['channel_hash']),
dbesc(z_root())
);
-
+
// Create a verified hub location pointing to this site.
-
+
/*
$h = hubloc_store_lowlevel(
[
@@ -69,7 +69,7 @@ class Fhublocs extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot',
'hubloc_primary' => $primary,
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$rr['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => $sitekey
@@ -99,11 +99,11 @@ class Fhublocs extends \Zotlabs\Web\Controller {
$o . 'local hubloc created for ' . $rr['channel_name'] . EOL;
else
$o .= 'DB update failed for ' . $rr['channel_name'] . EOL;
-
+
}
-
+
return $o;
-
+
}
}
}
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 20cc23ac0..28d7eabb5 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -1,6 +1,7 @@
<?php
namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
@@ -106,7 +107,7 @@ class Getfile extends \Zotlabs\Web\Controller {
killme();
}
- if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
+ if(! Crypto::verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
logger('verify failed.');
killme();
}
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index f8fc366e0..8ef24b232 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -8,6 +8,7 @@ require_once('include/import.php');
require_once('include/perm_upgrade.php');
require_once('library/urlify/URLify.php');
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
@@ -227,7 +228,7 @@ class Import extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot',
'hubloc_primary' => (($seize) ? 1 : 0),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -256,7 +257,7 @@ class Import extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot6',
'hubloc_primary' => (($seize) ? 1 : 0),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => 'sha256.' . base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => 'sha256.' . base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/zot',
'hubloc_sitekey' => get_config('system','pubkey'),
diff --git a/Zotlabs/Module/Prate.php b/Zotlabs/Module/Prate.php
index 2a8539ed0..8b71657b8 100644
--- a/Zotlabs/Module/Prate.php
+++ b/Zotlabs/Module/Prate.php
@@ -2,21 +2,23 @@
namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
+
class Prate extends \Zotlabs\Web\Controller {
function init() {
if($_SERVER['REQUEST_METHOD'] === 'post')
return;
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = argv(1);
if(! $target)
return;
-
+
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
dbesc($channel['channel_hash']),
dbesc($target)
@@ -25,34 +27,34 @@ class Prate extends \Zotlabs\Web\Controller {
json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text']));
killme();
}
-
+
function post() {
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = trim($_REQUEST['target']);
if(! $target)
return;
-
+
if($target === $channel['channel_hash'])
return;
-
+
$rating = intval($_POST['rating']);
if($rating < (-10))
$rating = (-10);
if($rating > 10)
$rating = 10;
-
+
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-
+
$signed = $target . '.' . $rating . '.' . $rating_text;
-
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
-
-
+
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
+
+
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
dbesc($channel['channel_hash']),
dbesc($target)
@@ -87,19 +89,19 @@ class Prate extends \Zotlabs\Web\Controller {
if($record) {
\Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record));
}
-
+
json_return_and_die(array('result' => true));;
}
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
}
diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php
index d338b08ea..3bc4dac72 100644
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -3,6 +3,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Crypto;
require_once('include/zot.php');
@@ -24,18 +25,18 @@ class Probe extends \Zotlabs\Web\Controller {
nav_set_selected('Remote Diagnostics');
$o .= '<h3>Remote Diagnostics</h3>';
-
+
$o .= '<form action="probe" method="get">';
$o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
- $o .= '<input type="submit" name="submit" value="Submit" /></form>';
-
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
$o .= '<br /><br />';
-
+
if(x($_GET,'addr')) {
$channel = App::get_channel();
$addr = trim($_GET['addr']);
$do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false);
-
+
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
$o .= '<pre>';
@@ -43,17 +44,17 @@ class Probe extends \Zotlabs\Web\Controller {
$o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
$j = \Zotlabs\Zot\Finger::run($addr,$channel,true);
if(! $j['success']) {
- return $o;
+ return $o;
}
}
if($do_import && $j)
$x = import_xchan($j);
if($j && $j['permissions'] && $j['permissions']['iv'])
- $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
+ $j['permissions'] = json_decode(Crypto::unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
$o .= str_replace("\n",'<br />',print_r($j,true));
$o .= '</pre>';
}
return $o;
}
-
+
}
diff --git a/Zotlabs/Module/Rate.php b/Zotlabs/Module/Rate.php
index c03aaa54f..d29c370fc 100644
--- a/Zotlabs/Module/Rate.php
+++ b/Zotlabs/Module/Rate.php
@@ -3,21 +3,23 @@ namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
+
class Rate extends \Zotlabs\Web\Controller {
function init() {
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = $_REQUEST['target'];
if(! $target)
return;
-
+
\App::$data['target'] = $target;
-
+
if($target) {
$r = q("SELECT * FROM xchan where xchan_hash like '%s' LIMIT 1",
dbesc($target)
@@ -36,43 +38,43 @@ class Rate extends \Zotlabs\Web\Controller {
}
}
}
-
-
+
+
return;
-
+
}
-
-
+
+
function post() {
-
+
if(! local_channel())
return;
-
+
if(! \App::$data['target'])
return;
-
+
if(! $_REQUEST['execute'])
return;
-
+
$channel = \App::get_channel();
-
+
$rating = intval($_POST['rating']);
if($rating < (-10))
$rating = (-10);
if($rating > 10)
$rating = 10;
-
+
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-
+
$signed = \App::$data['target'] . '.' . $rating . '.' . $rating_text;
-
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
-
+
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
+
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
dbesc($channel['channel_hash']),
dbesc(\App::$data['target'])
);
-
+
if($z) {
$record = $z[0]['xlink_id'];
$w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'
@@ -100,39 +102,39 @@ class Rate extends \Zotlabs\Web\Controller {
if($z)
$record = $z[0]['xlink_id'];
}
-
+
if($record) {
\Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record));
}
-
+
}
-
+
function get() {
-
+
if(! local_channel()) {
notice( t('Permission denied.') . EOL);
return;
}
-
+
// if(! \App::$data['target']) {
// notice( t('No recipients.') . EOL);
// return;
// }
-
+
$rating_enabled = get_config('system','rating_enabled');
if(! $rating_enabled) {
notice('Ratings are disabled on this site.');
return;
}
-
+
$channel = \App::get_channel();
-
+
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
dbesc($channel['channel_hash']),
dbesc(\App::$data['target'])
);
if($r) {
- \App::$data['xlink'] = $r[0];
+ \App::$data['xlink'] = $r[0];
$rating_val = $r[0]['xlink_rating'];
$rating_text = $r[0]['xlink_rating_text'];
}
@@ -140,7 +142,7 @@ class Rate extends \Zotlabs\Web\Controller {
$rating_val = 0;
$rating_text = '';
}
-
+
if($rating_enabled) {
$rating = replace_macros(get_markup_template('rating_slider.tpl'),array(
'$min' => -10,
@@ -150,7 +152,7 @@ class Rate extends \Zotlabs\Web\Controller {
else {
$rating = false;
}
-
+
$o = replace_macros(get_markup_template('rating_form.tpl'),array(
'$header' => t('Rating'),
'$website' => t('Website:'),
@@ -165,8 +167,8 @@ class Rate extends \Zotlabs\Web\Controller {
'$slide' => $slide,
'$submit' => t('Submit')
));
-
+
return $o;
-
+
}
}
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 8dd999e59..2535c9016 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -3,6 +3,7 @@
namespace Zotlabs\Web;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Keyutils;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Lib\Libzot;
@@ -157,7 +158,7 @@ class HTTPSig {
return $result;
}
- $x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
+ $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
@@ -171,7 +172,7 @@ class HTTPSig {
$fetched_key = self::get_key($key,$keytype,$result['signer'],true);
if ($fetched_key && $fetched_key['public_key']) {
- $y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
+ $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);
}
@@ -417,7 +418,7 @@ class HTTPSig {
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($encryption) {
- $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
+ $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
@@ -491,7 +492,7 @@ class HTTPSig {
$headers = rtrim($headers,"\n");
}
- $sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
+ $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg));
$ret['headers'] = $fields;
$ret['signature'] = $sig;
@@ -567,7 +568,7 @@ class HTTPSig {
$data = $matches[1];
if($iv && $key && $alg && $data) {
- return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+ return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
}
return '';
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 8d198f506..6ce2174f7 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -2,6 +2,8 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
+
class Auth {
protected $test;
@@ -68,7 +70,7 @@ class Auth {
if(strstr($this->desturl,z_root() . '/rmagic'))
goaway(z_root());
- $this->Finalise();
+ $this->Finalise();
}
@@ -76,7 +78,7 @@ class Auth {
// Try and find a hubloc for the person attempting to auth.
// Since we're matching by address, we have to return all entries
- // some of which may be from re-installed hubs; and we'll need to
+ // some of which may be from re-installed hubs; and we'll need to
// try each sequentially to see if one can pass the test
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
@@ -130,9 +132,9 @@ class Auth {
// Also check that they are coming from the same site as they authenticated with originally.
- $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel())
+ $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel())
&& ($hubloc['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
-
+
if($this->delegate && $this->delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
@@ -158,17 +160,17 @@ class Auth {
return false;
}
- // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
+ // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
// site private key
- // The actual channel sending the packet ($c[0]) is not important, but this provides a
+ // The actual channel sending the packet ($c[0]) is not important, but this provides a
// generic zot packet with a sender which can be verified
$x = q("select site_crypto from site where site_url = '%s' limit 1",
dbesc($hubloc['hubloc_url'])
);
- $p = zot_build_packet($channel,$type = 'auth_check',
- array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
+ $p = zot_build_packet($channel,$type = 'auth_check',
+ array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);
$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
@@ -192,12 +194,12 @@ class Auth {
$this->Debug('auth check request returned ' . print_r($j, true));
- if(! $j['success'])
+ if(! $j['success'])
return false;
// legit response, but we do need to check that this wasn't answered by a man-in-middle
- if (! rsa_verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) {
+ if (! Crypto::verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) {
logger('final confirmation failed.');
if($this->test)
$this->Debug('final confirmation failed. ' . $sec . print_r($j,true) . print_r($hubloc,true));
@@ -290,7 +292,7 @@ class Auth {
* Magic Auth
* ==========
*
- * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite),
+ * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite),
* a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters.
*
* The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications
@@ -299,7 +301,7 @@ class Auth {
* Five GET parameters are supplied:
* * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access
* * dest => the desired destination URL (urlencoded)
- * * sec => a random string which is also stored on $mysite for use during the verification phase.
+ * * sec => a random string which is also stored on $mysite for use during the verification phase.
* * version => the zot revision
* * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
*
@@ -336,8 +338,8 @@ class Auth {
* }
* \endcode
*
- * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see
- * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the
+ * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see
+ * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the
* destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:
*
* \code{.json}
@@ -351,10 +353,10 @@ class Auth {
* \endcode
*
* 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the
- * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key.
- * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful
- * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
- * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is
+ * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key.
+ * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful
+ * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
+ * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is
* a string whose contents are not defined by protocol. Example: "basic" or "gold".
*
* @param[in,out] \App &$a
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 778b701cd..cadde5415 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
/**
@@ -109,7 +110,7 @@ class Finger {
$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
}
}
- }
+ }
else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
@@ -135,7 +136,7 @@ class Finger {
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {
- $valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
+ $valid = Crypto::verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
if(! $valid) {
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
diff --git a/Zotlabs/Zot/Receiver.php b/Zotlabs/Zot/Receiver.php
index c521c9d64..7fc445f66 100644
--- a/Zotlabs/Zot/Receiver.php
+++ b/Zotlabs/Zot/Receiver.php
@@ -2,6 +2,8 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
+
class Receiver {
protected $data;
@@ -30,7 +32,7 @@ class Receiver {
$this->encrypted = ((array_key_exists('iv',$data)) ? true : false);
if($this->encrypted) {
- $this->data = @json_decode(@crypto_unencapsulate($data,$prvkey),true);
+ $this->data = @json_decode(@Crypto::unencapsulate($data,$prvkey),true);
}
if(! $this->data)
$this->data = $data;
@@ -72,7 +74,7 @@ class Receiver {
$this->validated = true;
}
-
+
function Dispatch() {
/* Handle tasks which don't require sender validation */
@@ -144,8 +146,8 @@ class Receiver {
* $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded.
*
* Once decrypted, one will find the normal json_encoded zot message packet.
- *
- * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup
+ *
+ * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup
*
* Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check)
* \code{.json}
@@ -167,7 +169,7 @@ class Receiver {
* \endcode
*
* Signature fields are all signed with the sender channel private key and base64url encoded.
- * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private
+ * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private
* key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates
* a public message or visible to all potential listeners on this site.
*
@@ -186,7 +188,7 @@ class Receiver {
*
* In the pickup packet, the sig fields correspond to the respective data
* element signed with this site's system private key and then base64url encoded.
- * The "secret" is the same as the original secret from the notify packet.
+ * The "secret" is the same as the original secret from the notify packet.
*
* If verification is successful, a json structure is returned containing a
* success indicator and an array of type 'pickup'.
@@ -283,18 +285,18 @@ class Receiver {
* }
* \endcode
*
- * The ping packet can be used to verify that a site has not been re-installed, and to
+ * The ping packet can be used to verify that a site has not been re-installed, and to
* initiate corrective action if it has. The url_sig is signed with the site private key
* and base64url encoded - and this should verify with the enclosed sitekey. Failure to
* verify indicates the site is corrupt or otherwise unable to communicate using zot.
* This return packet is not otherwise verified, so should be compared with other
* results obtained from this site which were verified prior to taking action. For instance
- * if you have one verified result with this signature and key, and other records for this
+ * if you have one verified result with this signature and key, and other records for this
* url which have different signatures and keys, it indicates that the site was re-installed
* and corrective action may commence (remove or mark invalid any entries with different
* signatures).
* If you have no records which match this url_sig and key - no corrective action should
- * be taken as this packet may have been returned by an imposter.
+ * be taken as this packet may have been returned by an imposter.
*
* @param[in,out] App &$a
*/
diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php
index a9a7ab0df..6440c5da5 100644
--- a/Zotlabs/Zot6/Receiver.php
+++ b/Zotlabs/Zot6/Receiver.php
@@ -3,6 +3,7 @@
namespace Zotlabs\Zot6;
use Zotlabs\Lib\Config;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Web\HTTPSig;
@@ -70,7 +71,7 @@ class Receiver {
$this->encrypted = ((array_key_exists('encrypted',$this->data) && intval($this->data['encrypted'])) ? true : false);
if ($this->encrypted && $this->prvkey) {
- $uncrypted = crypto_unencapsulate($this->data,$this->prvkey);
+ $uncrypted = Crypto::unencapsulate($this->data,$this->prvkey);
if ($uncrypted) {
$this->data = json_decode($uncrypted,true);
}
@@ -88,7 +89,7 @@ class Receiver {
if ($this->error) {
// make timing attacks on the decryption engine a bit more difficult
usleep(mt_rand(10000,100000));
- return($this->response);
+ return($this->response);
}
if ($this->data) {
@@ -126,7 +127,7 @@ class Receiver {
$x = Libzot::register_hub($this->sigdata['signer']);
if($x['success']) {
$hub = Libzot::valid_hub($this->sender,$this->site_id);
- }
+ }
if(! $hub) {
$this->response['message'] = 'sender unknown';
return false;
@@ -168,8 +169,8 @@ class Receiver {
}
}
return $result;
- }
-
+ }
+
function Dispatch() {
switch ($this->messagetype) {
@@ -207,13 +208,13 @@ class Receiver {
$this->EncryptResponse();
}
- return($this->response);
+ return($this->response);
}
function EncryptResponse() {
$algorithm = Libzot::best_algorithm($this->hub['site_crypto']);
if ($algorithm) {
- $this->response = crypto_encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm);
+ $this->response = Crypto::encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm);
}
}
diff --git a/boot.php b/boot.php
index 4d18d4844..0c70f0229 100644
--- a/boot.php
+++ b/boot.php
@@ -28,6 +28,8 @@
*/
// composer autoloader for all namespaced Classes
+use Zotlabs\Lib\Crypto;
+
require_once('vendor/autoload.php');
require_once('include/config.php');
@@ -1570,7 +1572,7 @@ function fix_system_urls($oldurl, $newurl) {
dbesc($channel_address . '@' . $rhs),
dbesc($newurl),
dbesc(str_replace($oldurl,$newurl,$rv['hubloc_id_url'])),
- dbesc(($rv['hubloc_network'] === 'zot6') ? \Zotlabs\Lib\Libzot::sign($newurl,$c[0]['channel_prvkey']) : base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))),
+ dbesc(($rv['hubloc_network'] === 'zot6') ? \Zotlabs\Lib\Libzot::sign($newurl,$c[0]['channel_prvkey']) : base64url_encode(Crypto::sign($newurl,$c[0]['channel_prvkey']))),
dbesc($newhost),
dbesc(($rv['hubloc_network'] === 'zot6') ? $newurl . '/zot' : $newurl . '/post'),
dbesc($rv['xchan_hash']),
diff --git a/include/account.php b/include/account.php
index bea84cea7..34936c33f 100644
--- a/include/account.php
+++ b/include/account.php
@@ -4,6 +4,8 @@
* @brief Somme account related functions.
*/
+use Zotlabs\Lib\Crypto;
+
require_once('include/config.php');
require_once('include/network.php');
require_once('include/plugin.php');
@@ -26,8 +28,8 @@ function check_account_email($email) {
$email = punify($email);
$result = array('error' => false, 'message' => '');
- // Caution: empty email isn't counted as an error in this function.
- // Check for empty value separately.
+ // Caution: empty email isn't counted as an error in this function.
+ // Check for empty value separately.
if(! strlen($email))
return $result;
@@ -36,7 +38,7 @@ function check_account_email($email) {
$result['message'] .= t('Not a valid email address') . EOL;
elseif(! allowed_email($email))
$result['message'] = t('Your email domain is not among those allowed on this site');
- else {
+ else {
$r = q("select account_email from account where account_email = '%s' limit 1",
dbesc($email)
);
@@ -175,7 +177,7 @@ function create_account($arr) {
// Ensure that there is a host keypair.
if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) {
- $hostkey = new_keypair(4096);
+ $hostkey = Crypto::new_keypair(4096);
set_config('system', 'pubkey', $hostkey['pubkey']);
set_config('system', 'prvkey', $hostkey['prvkey']);
}
@@ -306,8 +308,8 @@ function verify_email_address($arr) {
);
$res = z_mail(
- [
- 'toEmail' => $arr['email'],
+ [
+ 'toEmail' => $arr['email'],
'messageSubject' => sprintf( t('Registration confirmation for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
]
@@ -375,8 +377,8 @@ function send_reg_approval_email($arr) {
));
$res = z_mail(
- [
- 'toEmail' => $admin['email'],
+ [
+ 'toEmail' => $admin['email'],
'messageSubject' => sprintf( t('Registration request at %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
]
@@ -403,7 +405,7 @@ function send_register_success_email($email,$password) {
));
$res = z_mail(
- [
+ [
'toEmail' => $email,
'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
@@ -446,7 +448,7 @@ function account_allow($hash) {
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
@@ -466,7 +468,7 @@ function account_allow($hash) {
));
$res = z_mail(
- [
+ [
'toEmail' => $account[0]['account_email'],
'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
@@ -556,13 +558,13 @@ function account_approve($hash) {
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_UNVERIFIED),
intval(ACCOUNT_UNVERIFIED),
@@ -583,7 +585,7 @@ function account_approve($hash) {
else {
$_SESSION['login_return_url'] = 'new_channel';
authenticate_success($account[0],null,true,true,false,true);
- }
+ }
return true;
}
@@ -592,14 +594,14 @@ function account_approve($hash) {
/**
* @brief Checks for accounts that have past their expiration date.
*
- * If the account has a service class which is not the site default,
+ * If the account has a service class which is not the site default,
* the service class is reset to the site default and expiration reset to never.
* If the account has no service class it is expired and subsequently disabled.
* called from include/poller.php as a scheduled task.
*
* Reclaiming resources which are no longer within the service class limits is
- * not the job of this function, but this can be implemented by plugin if desired.
- * Default behaviour is to stop allowing additional resources to be consumed.
+ * not the job of this function, but this can be implemented by plugin if desired.
+ * Default behaviour is to stop allowing additional resources to be consumed.
*/
function downgrade_accounts() {
diff --git a/include/channel.php b/include/channel.php
index 2d79cd074..08b5ee889 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -9,6 +9,7 @@ use Zotlabs\Access\PermissionRoles;
use Zotlabs\Access\PermissionLimits;
use Zotlabs\Access\Permissions;
use Zotlabs\Daemon\Master;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\System;
use Zotlabs\Render\Comanche;
use Zotlabs\Lib\Libzot;
@@ -107,7 +108,7 @@ function create_sys_channel() {
if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) {
require_once('include/crypto.php');
- $hostkey = new_keypair(4096);
+ $hostkey = Crypto::new_keypair(4096);
set_config('system', 'pubkey', $hostkey['pubkey']);
set_config('system', 'prvkey', $hostkey['prvkey']);
}
@@ -232,10 +233,10 @@ function create_identity($arr) {
}
$guid = Libzot::new_uid($nick);
- $key = new_keypair(4096);
+ $key = Crypto::new_keypair(4096);
// legacy zot
- $zsig = base64url_encode(rsa_sign($guid,$key['prvkey']));
+ $zsig = base64url_encode(Crypto::sign($guid,$key['prvkey']));
$zhash = make_xchan_hash($guid,$zsig);
// zot6
@@ -345,7 +346,7 @@ function create_identity($arr) {
'hubloc_addr' => channel_reddress($ret['channel']),
'hubloc_primary' => intval($primary),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$ret['channel']['channel_prvkey'])),
'hubloc_host' => App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -603,9 +604,9 @@ function change_channel_keys($channel) {
$stored = [];
- $key = new_keypair(4096);
+ $key = Crypto::new_keypair(4096);
- $sig = base64url_encode(rsa_sign($channel['channel_guid'],$key['prvkey']));
+ $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$key['prvkey']));
$hash = make_xchan_hash($channel['channel_guid'],$sig);
$stored['old_guid'] = $channel['channel_guid'];
@@ -614,7 +615,7 @@ function change_channel_keys($channel) {
$stored['old_hash'] = $channel['channel_hash'];
$stored['new_key'] = $key['pubkey'];
- $stored['new_sig'] = base64url_encode(rsa_sign($key['pubkey'],$channel['channel_prvkey']));
+ $stored['new_sig'] = base64url_encode(Crypto::sign($key['pubkey'],$channel['channel_prvkey']));
// Save this info for the notifier to collect
@@ -651,7 +652,7 @@ function change_channel_keys($channel) {
foreach($h as $hv) {
$hv['hubloc_guid_sig'] = $sig;
$hv['hubloc_hash'] = $hash;
- $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$modified['channel_prvkey']));
+ $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$modified['channel_prvkey']));
hubloc_store_lowlevel($hv);
}
}
diff --git a/include/crypto.php b/include/crypto.php
index 84d639f3f..d91d3749c 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -1,5 +1,7 @@
<?php /** @file */
+use Zotlabs\Lib\Crypto;
+
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
@@ -192,7 +194,6 @@ function crypto_methods() {
function signing_methods() {
-
$r = [ 'sha256' ];
call_hooks('signing_methods',$r);
return $r;
@@ -461,12 +462,12 @@ function convert_salmon_key($key) {
function z_obscure($s) {
- return json_encode(crypto_encapsulate($s,get_config('system','pubkey')));
+ return json_encode(Crypto::encapsulate($s,get_config('system','pubkey')));
}
function z_unobscure($s) {
if(strpos($s,"{\"") !== 0)
return $s;
- return crypto_unencapsulate(json_decode($s,true),get_config('system','prvkey'));
+ return Crypto::unencapsulate(json_decode($s,true),get_config('system','prvkey'));
}
diff --git a/include/dir_fns.php b/include/dir_fns.php
index 88a1bb74f..8326415ed 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -3,6 +3,7 @@
* @file include/dir_fns.php
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Lib\Zotfinger;
@@ -280,7 +281,7 @@ function sync_directories($dirmode) {
logger('key unavailable on this site for ' . $rr['channel']);
continue;
}
- if (! rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) {
+ if (! Crypto::verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) {
logger('failed to verify rating');
continue;
}
diff --git a/include/follow.php b/include/follow.php
index a4d382545..64ae8f7f1 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -9,6 +9,8 @@
// $return['abook'] Address book entry joined with xchan if successful
// $return['message'] error text if success is false.
+use Zotlabs\Lib\Crypto;
+
require_once('include/zot.php');
function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) {
@@ -19,7 +21,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$is_zot = false;
$protocol = '';
-
+
if(substr($url,0,1) === '[') {
$x = strpos($url,']');
if($x) {
@@ -62,7 +64,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
call_hooks('follow_init', $arr);
- if($arr['channel']['success'])
+ if($arr['channel']['success'])
$ret = $arr['channel'];
elseif((! $is_http) && ((! $protocol) || (strtolower($protocol) === 'zot')))
$ret = Zotlabs\Zot\Finger::run($url,$channel);
@@ -98,11 +100,11 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
}
-
-
+
+
// do we have an xchan and hubloc?
- // If not, create them.
+ // If not, create them.
$x = import_xchan($j);
@@ -111,13 +113,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
- if(! $x['success'])
+ if(! $x['success'])
return $x;
$xchan_hash = $x['hash'];
if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) {
- $permissions = crypto_unencapsulate(array(
+ $permissions = Crypto::unencapsulate(array(
'data' => $j['permissions']['data'],
'alg' => $j['permissions']['alg'],
'key' => $j['permissions']['key'],
@@ -140,7 +142,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$xchan_hash = '';
$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
-
+
$r = q("select * from xchan where (xchan_addr = '%s' or xchan_url = '%s') $sql_options ",
dbesc($url),
diff --git a/include/items.php b/include/items.php
index 83108455f..223fba147 100644
--- a/include/items.php
+++ b/include/items.php
@@ -4,6 +4,7 @@
* @brief Items related functions.
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Enotify;
use Zotlabs\Lib\MarkdownSoap;
use Zotlabs\Lib\MessageFilter;
@@ -1652,7 +1653,7 @@ function item_sign(&$item) {
if(! $r)
return;
- $item['sig'] = base64url_encode(rsa_sign($item['body'], $r[0]['channel_prvkey']));
+ $item['sig'] = base64url_encode(Crypto::sign($item['body'], $r[0]['channel_prvkey']));
$item['item_verified'] = 1;
}
@@ -2971,7 +2972,7 @@ function item_community_tag($channel,$item) {
$pitem = $items[0];
$auth = get_iconfig($item,'system','communitytagauth');
if($auth) {
- if(rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) {
+ if(Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) {
logger('tag_deliver: tagging the post: ' . $channel['channel_name']);
$tag_the_post = true;
}
@@ -2980,7 +2981,7 @@ function item_community_tag($channel,$item) {
if(($pitem['owner_xchan'] === $channel['channel_hash']) && (! intval(get_pconfig($channel['channel_id'],'system','blocktags')))) {
logger('tag_deliver: community tag recipient: ' . $channel['channel_name']);
$tag_the_post = true;
- $sig = rsa_sign('tagauth.' . $item['mid'],$channel['channel_prvkey']);
+ $sig = Crypto::sign('tagauth.' . $item['mid'],$channel['channel_prvkey']);
logger('tag_deliver: setting iconfig for ' . $item['id']);
set_iconfig($item['id'],'system','communitytagauth',base64url_encode($sig),1);
}
diff --git a/include/text.php b/include/text.php
index 1e08d136c..b7cc0ba20 100644
--- a/include/text.php
+++ b/include/text.php
@@ -9,6 +9,7 @@ use Michelf\MarkdownExtra;
use Ramsey\Uuid\Uuid;
use Ramsey\Uuid\Exception\UnableToBuildUuidException;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\SvgSanitizer;
require_once("include/bbcode.php");
@@ -3248,7 +3249,7 @@ function item_url_replace($channel,&$item,$old,$new,$oldnick = '') {
$item['body'] = preg_replace("/(\[zrl=".preg_quote($old,'/')."\/(photo|photos|gallery)\/".$channel['channel_address'].".+\]\[zmg=\d+x\d+\])".preg_quote($old,'/')."\/(.+\[\/zmg\])/", '${1}'.$new.'/${3}', $item['body']);
$item['body'] = preg_replace("/".preg_quote($old,'/')."\/(search|\w+\/".$channel['channel_address'].")/", $new.'/${1}', $item['body']);
- $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey']));
+ $item['sig'] = base64url_encode(Crypto::sign($item['body'],$channel['channel_prvkey']));
$item['item_verified'] = 1;
$item['plink'] = str_replace($old,$new,$item['plink']);
@@ -3881,6 +3882,14 @@ function unserialise($x) {
return ((is_array($y)) ? $y : $x);
}
+function obscurify($s) {
+ return str_rot47(base64url_encode($s));
+}
+
+function unobscurify($s) {
+ return base64url_decode(str_rot47($s));
+}
+
/**
* @brief Remove new lines and tabs from strings.
*
diff --git a/include/xchan.php b/include/xchan.php
index 5de828e7f..07fdb8b47 100644
--- a/include/xchan.php
+++ b/include/xchan.php
@@ -1,5 +1,6 @@
<?php
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
@@ -85,7 +86,7 @@ function xchan_store($arr) {
}
if($arr['network'] === 'zot') {
- if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
+ if((! $arr['key']) || (! Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
logger('Unable to verify signature for ' . $arr['hash']);
return false;
}
@@ -102,7 +103,7 @@ function xchan_store($arr) {
if($k === 'photo') {
continue;
}
-
+
if(in_array($columns,'xchan_' . $k))
$x['xchan_' . $k] = escape_tags($v);
}
@@ -112,7 +113,7 @@ function xchan_store($arr) {
$x['xchan_system'] = false;
$result = xchan_store_lowlevel($x);
-
+
if(! $result)
return $result;
}
@@ -207,9 +208,9 @@ function xchan_keychange_acl($table,$column,$oldxchan,$newxchan) {
if($r) {
foreach($r as $rv) {
$z = q("update $table set $allow = '%s', $deny = '%s' where $column = %d",
- dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
+ dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
$rv[$allow])),
- dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
+ dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
$rv[$deny])),
intval($rv[$column])
);
@@ -243,7 +244,7 @@ function xchan_change_key($oldx,$newx,$data) {
'xprof' => 'xprof_hash',
'xtag' => 'xtag_hash'
];
-
+
$acls = [
'channel' => 'channel_id',
diff --git a/include/zot.php b/include/zot.php
index d61873ba2..f96792656 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -8,6 +8,7 @@
*
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\DReport;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Activity;
@@ -123,15 +124,15 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
'type' => $type,
'sender' => [
'guid' => $channel['channel_guid'],
- 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
+ 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
'url' => z_root(),
- 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)),
+ 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)),
'sitekey' => get_config('system','pubkey')
],
'callback' => '/post',
'version' => Zotlabs\Lib\System::get_zot_revision(),
- 'encryption' => crypto_methods(),
- 'signing' => signing_methods()
+ 'encryption' => Crypto::methods(),
+ 'signing' => Crypto::signing_methods()
];
if ($recipients) {
@@ -143,7 +144,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
if ($secret) {
$data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
- $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
+ $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method));
}
if ($extra) {
@@ -157,7 +158,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
if($remote_key) {
$algorithm = zot_best_algorithm($methods);
- $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm);
}
return json_encode($data);
@@ -197,15 +198,15 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
'type' => $type,
'sender' => [
'guid' => $channel['channel_guid'],
- 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
+ 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
'url' => z_root(),
- 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)),
+ 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)),
'sitekey' => get_config('system','pubkey')
],
'callback' => '/post',
'version' => Zotlabs\Lib\System::get_zot_revision(),
- 'encryption' => crypto_methods(),
- 'signing' => signing_methods()
+ 'encryption' => Crypto::methods(),
+ 'signing' => Crypto::signing_methods()
];
if ($recipients) {
@@ -221,7 +222,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
if ($secret) {
$data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
- $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
+ $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method));
}
if ($extra) {
@@ -235,7 +236,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
if($remote_key) {
$algorithm = zot_best_algorithm($methods);
- $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm);
}
return json_encode($data);
@@ -249,7 +250,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
*
* @param string $methods
* comma separated list of encryption methods
- * @return string first match from our site method preferences crypto_methods() array
+ * @return string first match from our site method preferences Crypto::methods() array
* of a method which is common to both sites; or 'aes256cbc' if no matches are found.
*/
function zot_best_algorithm($methods) {
@@ -272,7 +273,7 @@ function zot_best_algorithm($methods) {
if($methods) {
$x = explode(',', $methods);
if($x) {
- $y = crypto_methods();
+ $y = Crypto::methods();
if($y) {
foreach($y as $yv) {
$yv = trim($yv);
@@ -443,7 +444,7 @@ function zot_refresh($them, $channel = null, $force = false) {
$signed_token = ((is_array($j) && array_key_exists('signed_token',$j)) ? $j['signed_token'] : null);
if($signed_token) {
- $valid = rsa_verify('token.' . $token,base64url_decode($signed_token),$j['key']);
+ $valid = Crypto::verify('token.' . $token,base64url_decode($signed_token),$j['key']);
if(! $valid) {
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
return false;
@@ -461,7 +462,7 @@ function zot_refresh($them, $channel = null, $force = false) {
if($channel) {
if($j['permissions']['data']) {
- $permissions = crypto_unencapsulate(
+ $permissions = Crypto::unencapsulate(
[
'data' => $j['permissions']['data'],
'key' => $j['permissions']['key'],
@@ -719,8 +720,8 @@ function zot_register_hub($arr) {
*/
foreach($sig_methods as $method) {
- if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method))
- && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method))
+ if((Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method))
+ && (Crypto::verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method))
&& ($arr['guid'] === $record['guid'])
&& ($arr['guid_sig'] === $record['guid_sig'])) {
$c = import_xchan($record);
@@ -790,7 +791,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
$verified = false;
foreach($sig_methods as $method) {
- if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) {
+ if(! Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) {
logger('Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method);
continue;
}
@@ -925,28 +926,28 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
$local = q("select channel_account_id, channel_id from channel where channel_portable_id = '%s' limit 1",
dbesc($xchan_hash)
);
-
+
if($local) {
- // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied
+ // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied
// on most hubs in the network
// <---
$ph = z_fetch_url($arr['photo'], true);
-
+
if($ph['success']) {
-
+
// Do not fetch already received thumbnails
$x = q("SELECT resource_id FROM photo WHERE uid = %d AND imgscale = %d AND filesize = %d LIMIT 1",
intval($local[0]['channel_id']),
intval(PHOTO_RES_PROFILE_300),
strlen($ph['body'])
- );
+ );
if($x)
$hash = $x[0]['resource_id'];
else
$hash = import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'], $local[0]['channel_id']);
}
-
+
if($hash) {
// unless proven otherwise
$is_default_profile = 1;
@@ -972,7 +973,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
}
}
// --->
-
+
// reset the names in case they got messed up when we had a bug in this function
$photos = array(
z_root() . '/photo/profile/l/' . $local[0]['channel_id'],
@@ -1128,7 +1129,7 @@ function zot_process_response($hub, $arr, $outq) {
if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) {
if(array_key_exists('iv',$x['delivery_report'])) {
- $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey'));
+ $j = Crypto::unencapsulate($x['delivery_report'],get_config('system','prvkey'));
if($j) {
$x['delivery_report'] = json_decode($j,true);
}
@@ -1253,14 +1254,14 @@ function zot_fetch($arr) {
$data = [
'type' => 'pickup',
'url' => z_root(),
- 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))),
+ 'callback_sig' => base64url_encode(Crypto::sign(z_root() . '/post', get_config('system','prvkey'))),
'callback' => z_root() . '/post',
'secret' => $secret,
- 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey')))
+ 'secret_sig' => base64url_encode(Crypto::sign($secret, get_config('system','prvkey')))
];
$algorithm = zot_best_algorithm($hub['site_crypto']);
- $datatosend = json_encode(crypto_encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm));
+ $datatosend = json_encode(Crypto::encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm));
$import = zot_zot($url,$datatosend);
@@ -1272,7 +1273,7 @@ function zot_fetch($arr) {
$result = zot_import($import, $arr['sender']['url']);
if($result) {
- $result = crypto_encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm);
+ $result = Crypto::encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm);
return $result;
}
@@ -1314,7 +1315,7 @@ function zot_import($arr, $sender_url) {
}
if(array_key_exists('iv', $data)) {
- $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true);
+ $data = json_decode(Crypto::unencapsulate($data,get_config('system','prvkey')),true);
}
if(! is_array($data)) {
@@ -1342,7 +1343,7 @@ function zot_import($arr, $sender_url) {
$result = null;
if(array_key_exists('iv',$i['notify'])) {
- $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true);
+ $i['notify'] = json_decode(Crypto::unencapsulate($i['notify'],get_config('system','prvkey')),true);
}
logger('Notify: ' . print_r($i['notify'],true), LOGGER_DATA, LOG_DEBUG);
@@ -2466,7 +2467,7 @@ function process_rating_delivery($sender, $arr) {
dbesc($sender['hash'])
);
- if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
+ if((! $z) || (! Crypto::verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
logger('failed to verify rating');
return;
}
@@ -2652,7 +2653,7 @@ function sync_locations($sender, $arr, $absolute = false) {
$arr['locations'][0]['primary'] = true;
foreach($arr['locations'] as $location) {
- if(! rsa_verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) {
+ if(! Crypto::verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) {
logger('Unable to verify site signature for ' . $location['url']);
$ret['message'] .= sprintf( t('Unable to verify site signature for %s'), $location['url']) . EOL;
continue;
@@ -3126,7 +3127,7 @@ function import_site($arr, $pubkey) {
if( (! is_array($arr)) || (! $arr['url']) || (! $arr['url_sig']))
return false;
- if(! rsa_verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) {
+ if(! Crypto::verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) {
logger('Bad url_sig');
return false;
}
@@ -3509,12 +3510,12 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
if($keychange) {
// verify the keychange operation
- if(! rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) {
+ if(! Crypto::verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) {
logger('sync keychange: verification failed');
continue;
}
- $sig = base64url_encode(rsa_sign($channel['channel_guid'],$arr['channel']['channel_prvkey']));
+ $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$arr['channel']['channel_prvkey']));
$hash = make_xchan_hash($channel['channel_guid'],$sig);
@@ -3551,7 +3552,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
foreach($h as $hv) {
$hv['hubloc_guid_sig'] = $sig;
$hv['hubloc_hash'] = $hash;
- $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']));
+ $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey']));
hubloc_store_lowlevel($hv);
}
}
@@ -4329,7 +4330,7 @@ function zot_rekey_request($sender,$data) {
$xchan = $r[0];
- if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) {
+ if(! Crypto::verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) {
json_return_and_die($ret);
}
@@ -4367,7 +4368,7 @@ function zotinfo($arr) {
$feed = ((x($arr,'feed')) ? intval($arr['feed']) : 0);
if($ztarget) {
- if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
+ if((! $zkey) || (! $zsig) || (! Crypto::verify($ztarget,base64url_decode($zsig),$zkey))) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
return($ret);
@@ -4531,7 +4532,7 @@ function zotinfo($arr) {
// Communication details
if($token)
- $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'],$sig_method));
+ $ret['signed_token'] = base64url_encode(Crypto::sign('token.' . $token,$e['channel_prvkey'],$sig_method));
$ret['guid'] = $e['xchan_guid'];
@@ -4587,7 +4588,7 @@ function zotinfo($arr) {
// because ztarget refers to an xchan and we don't necessarily know the origination
// location.
- $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions);
+ $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey,) : $permissions);
if($permissions['view_profile'])
$ret['profile'] = $profile;
@@ -4622,9 +4623,9 @@ function zot_site_info($channel_key = '') {
$ret['site'] = [];
$ret['site']['url'] = z_root();
if($channel_key) {
- $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method));
+ $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel_key,$sig_method));
}
- $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method));
+ $ret['site']['url_site_sig'] = base64url_encode(Crypto::sign(z_root(),$signing_key,$sig_method));
$ret['site']['post'] = z_root() . '/post';
$ret['site']['openWebAuth'] = z_root() . '/owa';
$ret['site']['authRedirect'] = z_root() . '/magic';
@@ -4644,8 +4645,8 @@ function zot_site_info($channel_key = '') {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
- $ret['site']['encryption'] = crypto_methods();
- $ret['site']['signing'] = signing_methods();
+ $ret['site']['encryption'] = Crypto::methods();
+ $ret['site']['signing'] = Crypto::signing_methods();
$ret['site']['zot'] = Zotlabs\Lib\System::get_zot_revision();
// hide detailed site information if you're off the grid
@@ -4724,7 +4725,7 @@ function check_zotinfo($channel, $locations, &$ret) {
// the sys channel must have a location (hubloc)
$valid_location = false;
if((count($locations) === 1) && ($locations[0]['primary']) && (! $locations[0]['deleted'])) {
- if((rsa_verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey']))
+ if((Crypto::verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey']))
&& ($locations[0]['sitekey'] === get_config('system','pubkey'))
&& ($locations[0]['url'] === z_root()))
$valid_location = true;
@@ -4752,7 +4753,7 @@ function check_zotinfo($channel, $locations, &$ret) {
'hubloc_network' => 'zot',
'hubloc_primary' => 1,
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -4931,7 +4932,7 @@ function zot_reply_ping() {
$ret['success'] = true;
$ret['site'] = array();
$ret['site']['url'] = z_root();
- $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),get_config('system','prvkey')));
+ $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),get_config('system','prvkey')));
$ret['site']['sitekey'] = get_config('system','pubkey');
json_return_and_die($ret);
@@ -4979,10 +4980,10 @@ function zot_reply_pickup($data) {
logger('mod_zot: Checking sitekey: ' . $sitekey, LOGGER_DATA, LOG_DEBUG);
- if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ if(Crypto::verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
$forgery = false;
}
- if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ if(Crypto::verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
$secret_fail = false;
}
if((! $forgery) && (! $secret_fail))
@@ -5076,7 +5077,7 @@ function zot_reply_pickup($data) {
);
$algorithm = zot_best_algorithm(($x) ? $x[0]['site_crypto'] : '');
- $encrypted = crypto_encapsulate(json_encode($ret),$sitekey,$algorithm);
+ $encrypted = Crypto::encapsulate(json_encode($ret),$sitekey,$algorithm);
json_return_and_die($encrypted);
// @FIXME: There is a possibility that the transmission will get interrupted
@@ -5133,7 +5134,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification.
- if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
+ if ((! $y) || (! Crypto::verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
@@ -5158,7 +5159,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
json_return_and_die($ret);
}
- $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
+ $confirm = base64url_encode(Crypto::sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
// This additionally checks for forged sites since we already stored the expected result in meta
// and we've already verified that this is them via zot_gethub() and that their key signed our token
diff --git a/tests/unit/Lib/KeyutilsTest.php b/tests/unit/Lib/KeyutilsTest.php
index bb5f84728..d1b0b5ab8 100644
--- a/tests/unit/Lib/KeyutilsTest.php
+++ b/tests/unit/Lib/KeyutilsTest.php
@@ -34,8 +34,6 @@ use Zotlabs\Lib\Keyutils;
* @covers Zotlabs\Lib\Keyutils
*/
-
-
class KeyutilsTest extends UnitTestCase {
protected function getPubPKCS1() {
diff --git a/tests/unit/Web/HttpSigTest.php b/tests/unit/Web/HttpSigTest.php
index bd11b96c8..5524e0510 100644
--- a/tests/unit/Web/HttpSigTest.php
+++ b/tests/unit/Web/HttpSigTest.php
@@ -71,7 +71,7 @@ class HttpSigTest extends UnitTestCase {
}
/**
- * @uses ::crypto_unencapsulate
+ * @uses ::Crypto::unencapsulate
*/
function testDecrypt_sigheader() {
$header = 'Header: iv="value_iv" key="value_key" alg="value_alg" data="value_data"';
@@ -86,7 +86,7 @@ class HttpSigTest extends UnitTestCase {
$this->assertSame($result, HTTPSig::decrypt_sigheader($header, 'site private key'));
}
/**
- * @uses ::crypto_unencapsulate
+ * @uses ::Crypto::unencapsulate
*/
function testDecrypt_sigheaderUseSitePrivateKey() {
// Create a stub for global function get_config() with expectation
@@ -95,7 +95,7 @@ class HttpSigTest extends UnitTestCase {
$header = 'Header: iv="value_iv" key="value_key" alg="value_alg" data="value_data"';
$result = [
- 'encrypted' => true,
+ 'encrypted' => true,
'iv' => 'value_iv',
'key' => 'value_key',
'alg' => 'value_alg',
diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php
index 4e4b8790a..875700f7a 100644
--- a/vendor/composer/InstalledVersions.php
+++ b/vendor/composer/InstalledVersions.php
@@ -29,7 +29,7 @@ private static $installed = array (
'aliases' =>
array (
),
- 'reference' => '6b8b42fb211d488388044621d8cff9e6d85e2b0f',
+ 'reference' => '5aee2f172ecdf58e13dd328c787fd199c48d24c5',
'name' => 'zotlabs/hubzilla',
),
'versions' =>
@@ -271,7 +271,7 @@ private static $installed = array (
'aliases' =>
array (
),
- 'reference' => '6b8b42fb211d488388044621d8cff9e6d85e2b0f',
+ 'reference' => '5aee2f172ecdf58e13dd328c787fd199c48d24c5',
),
),
);
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index f9d9d5f93..7c1ac62d8 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -6,7 +6,7 @@
'aliases' =>
array (
),
- 'reference' => '6b8b42fb211d488388044621d8cff9e6d85e2b0f',
+ 'reference' => '5aee2f172ecdf58e13dd328c787fd199c48d24c5',
'name' => 'zotlabs/hubzilla',
),
'versions' =>
@@ -248,7 +248,7 @@
'aliases' =>
array (
),
- 'reference' => '6b8b42fb211d488388044621d8cff9e6d85e2b0f',
+ 'reference' => '5aee2f172ecdf58e13dd328c787fd199c48d24c5',
),
),
);