Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable.

1 files changed, 16 insertions, 0 deletions

diff --git a/include/crypto.php b/include/crypto.php
index a0268ef93..ca01814da 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) {
 		str_pad($iv,16,"\0")));
 }
 
+function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
+	if($alg === 'aes256cbc')
+		return aes_encapsulate($data,$pubkey);
+
+}
+
+
 function aes_encapsulate($data,$pubkey) {
 	if(! $pubkey)
 		logger('aes_encapsulate: no key. data: ' . $data);
@@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) {
 		$x = debug_backtrace();
 		logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true));
 	}
+	$result['alg'] = 'aes256cbc';
  	$result['key'] = base64url_encode($k,true);
 	openssl_public_encrypt($iv,$i,$pubkey);
 	$result['iv'] = base64url_encode($i,true);
 	return $result;
 }
 
+function crypto_unencapsulate($data,$prvkey) {
+	$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
+	if($alg === 'aes256cbc')
+		return aes_unencapsulate($data,$prvkey);
+
+}
+
+
 function aes_unencapsulate($data,$prvkey) {
 	openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
 	openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);