diff options
| author | zotlabs <mike@macgirvin.com> | 2017-04-01 15:30:59 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-04-01 15:30:59 -0700 |
| commit | 810d9e21bcf35c3897718d8eb5a798372656f517 (patch) | |
| tree | 2e36921ad52aa450c3a98bdb7d80af1521645097 /include/crypto.php | |
| parent | 7256579c168fbda8e8d5fc8a0e9de179fa27534c (diff) | |
| download | volse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.tar.gz volse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.tar.bz2 volse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.zip | |
use aes-ctr which is slightly/arguably better than a poke in the eye and don't restrict the crypto algorithm by server role.
Diffstat (limited to 'include/crypto.php')
| -rw-r--r-- | include/crypto.php | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/include/crypto.php b/include/crypto.php index bcbb3d388..187330c6c 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -79,16 +79,16 @@ function STD_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function AES256GCM_encrypt($data,$key,$iv) { +function AES256CTR_encrypt($data,$key,$iv) { $key = substr($key,0,32); - $iv = substr($iv,0,12); - return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0")); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function AES256GCM_decrypt($data,$key,$iv) { +function AES256CTR_decrypt($data,$key,$iv) { $key = substr($key,0,32); - $iv = substr($iv,0,12); - return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0")); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } @@ -155,9 +155,6 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { - if(\Zotlabs\Lib\System::get_server_role() !== 'pro') - return [ 'aes256cbc' ]; - // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a @@ -165,7 +162,7 @@ function crypto_methods() { // The actual methods are responsible for deriving the actual key/iv from the provided parameters; // possibly by truncation or segmentation - though many other methods could be used. - $r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + $r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); return $r; |