diff options
author | Friendika <info@friendika.com> | 2011-08-27 18:09:43 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-08-27 18:09:43 -0700 |
commit | ada8bee70e89c34afa53eff9ad70315cfcd34c6d (patch) | |
tree | 048175af42a2738a4c42c34df9e4d75b0101c897 /include/crypto.php | |
parent | e3dbb6339386fce5cef2d22be6edd63b93a9b41d (diff) | |
download | volse-hubzilla-ada8bee70e89c34afa53eff9ad70315cfcd34c6d.tar.gz volse-hubzilla-ada8bee70e89c34afa53eff9ad70315cfcd34c6d.tar.bz2 volse-hubzilla-ada8bee70e89c34afa53eff9ad70315cfcd34c6d.zip |
remove public disclosure risk
Diffstat (limited to 'include/crypto.php')
-rw-r--r-- | include/crypto.php | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/include/crypto.php b/include/crypto.php index a20606db5..88e05b9eb 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -225,3 +225,68 @@ function pkcs5_unpad($text) if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } + +function AES256CBC_encrypt($data,$key,$iv) { + return mcrypt_encrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + pkcs5_pad($data,16), + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0")); +} + +function AES256CBC_decrypt($data,$key,$iv) { + return pkcs5_unpad(mcrypt_decrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + $data, + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0"))); +} + +function aes_encapsulate($data,$pubkey) { + $key = random_string(32,RANDOM_STRING_TEXT); + $iv = random_string(16,RANDOM_STRING_TEXT); + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); + openssl_public_encrypt($key,$k,$pubkey); + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; +} + +function aes_unencapsulate($data,$prvkey) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i); +} + + +function zot_encapsulate($data,$sender,$pubkey) { +$res = aes_encapsulate($data,$pubkey); +openssl_public_encrypt($sender,$s,$pubkey); +$s1 = base64url_encode($s,true); + +return <<< EOT +<?xml version='1.0' encoding='UTF-8'?> +<zot:env xmlns:zot='http://purl.org/zot/1.0'> + <zot:key>{$res['key']}</zot:key> + <zot:iv>{$res['iv']}</zot:iv> + <zot:sender>$s1</zot:sender> + <zot:alg>AES-256-CBC</zot:alg> + <zot:data type='application/magic-envelope+xml'>{$res['data']}</zot:data> +</zot:env> +EOT; + +} + +function zot_unencapsulate($data,$prvkey) { + $ret = array(); + $c = array(); + $x = parse_xml_string($data); + $c = array('key' => $x->key,'iv' => $x->iv,'data' => $x->data); + openssl_private_decrypt(base64url_decode($x->sender),$s,$prvkey); + $ret['sender'] = $s; + $ret['data'] = aes_unencapsulate($x,$prvkey); + return $ret; +}
\ No newline at end of file |