aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-08-09 18:55:46 -0700
committerFriendika <info@friendika.com>2011-08-09 18:55:46 -0700
commit1bfe1283aa38454369f29883411a6c012c88df59 (patch)
treeb85f93b9d4c6b40bf4678ccd32fea7b9531f27bb /include
parent49be3941828668e762141972afa1324045805f20 (diff)
downloadvolse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.tar.gz
volse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.tar.bz2
volse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.zip
crypto stuff
Diffstat (limited to 'include')
-rw-r--r--include/crypto.php (renamed from include/certfns.php)54
-rw-r--r--include/diaspora.php25
-rw-r--r--include/network.php14
-rw-r--r--include/salmon.php31
-rw-r--r--include/text.php6
5 files changed, 82 insertions, 48 deletions
diff --git a/include/certfns.php b/include/crypto.php
index aa84cfeb6..1ab9e7b25 100644
--- a/include/certfns.php
+++ b/include/crypto.php
@@ -1,6 +1,56 @@
<?php
require_once('library/ASNValue.class.php');
+require_once('library/asn1.php');
+
+
+function rsa_sign($data,$key) {
+
+ $sig = '';
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ openssl_sign($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) < 1024 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $sig = $rsa->sign($data);
+ }
+ else {
+ logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
+ openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
+ }
+ }
+ return $sig;
+}
+
+function rsa_verify($data,$sig,$key) {
+
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ $verify = openssl_verify($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) <= 300 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $verify = $rsa->verify($data,$sig);
+ }
+ else {
+ // fallback sha256 verify for PHP < 5.3 and large key lengths
+ $rawsig = '';
+ openssl_public_decrypt($sig,$rawsig,$key);
+ $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
+ }
+ }
+ return $verify;
+}
+
function DerToPem($Der, $Private=false)
{
@@ -128,3 +178,7 @@ function metorsa($m,$e) {
return $key;
}
+function salmon_key($pubkey) {
+ pemtome($pubkey,$m,$e);
+ return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
+}
diff --git a/include/diaspora.php b/include/diaspora.php
index d25137bf3..e39617aa3 100644
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1,6 +1,6 @@
<?php
-require_once('include/certfns.php');
+require_once('include/crypto.php');
function receive_return($val) {
@@ -83,9 +83,7 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
$signable_data = $data . '.' . base64url_encode($type) . "\n" . '.'
. base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
- $signature = '';
- $result = openssl_sign($signable_data,$signature,$prvkey,'SHA256');
-
+ $signature = rsa_sign($signable_data,$prvkey);
$sig = base64url_encode($signature);
$decrypted_header = <<< EOT
@@ -226,7 +224,7 @@ function diaspora_decode($importer,$xml) {
if(! $author_link) {
logger('mod-diaspora: Could not retrieve author URI.');
- receive_return(400);
+ http_status_exit(400);
}
// Once we have the author URI, go to the web and try to find their public key
@@ -239,25 +237,14 @@ function diaspora_decode($importer,$xml) {
if(! $key) {
logger('mod-diaspora: Could not retrieve author key.');
- receive_return(400);
+ http_status_exit(400);
}
- $verify = false;
-
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
- $verify = openssl_verify($signed_data,$signature,$key,'sha256');
- }
- else {
- // fallback sha256 verify for PHP < 5.3
- $rawsig = '';
- $hash = hash('sha256',$signed_data,true);
- openssl_public_decrypt($signature,$rawsig,$key);
- $verify = (($rawsig && substr($rawsig,-32) === $hash) ? true : false);
- }
+ $verify = rsa_verify($signed_data,$signature,$key);
if(! $verify) {
logger('mod-diaspora: Message did not verify. Discarding.');
- receive_return(400);
+ http_status_exit(400);
}
logger('mod-diaspora: Message verified.');
diff --git a/include/network.php b/include/network.php
index 48e830e84..ddfc34977 100644
--- a/include/network.php
+++ b/include/network.php
@@ -181,6 +181,20 @@ function xml_status($st, $message = '') {
}}
+if(! function_exists('http_status_exit')) {
+function http_status_exit($val) {
+
+ if($val >= 400)
+ $err = 'Error';
+ if($val >= 200 && $val < 300)
+ $err = 'OK';
+
+ logger('http_status_exit ' . $val);
+ header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err);
+ killme();
+
+}}
+
// convert an XML document to a normalised, case-corrected array
// used by webfinger
diff --git a/include/salmon.php b/include/salmon.php
index 3ccae2756..4043b4f1d 100644
--- a/include/salmon.php
+++ b/include/salmon.php
@@ -1,21 +1,7 @@
<?php
-require_once('library/asn1.php');
+require_once('include/crypto.php');
-function salmon_key($pubkey) {
- $lines = explode("\n",$pubkey);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData;
- $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData;
-
-
- return 'RSA' . '.' . $m . '.' . $e ;
-}
function get_salmon_key($uri,$keyhash) {
@@ -112,24 +98,15 @@ EOT;
$algorithm = 'RSA-SHA256';
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
- // Setup RSA stuff to PKCS#1 sign the data
-
- require_once('library/phpsec/Crypt/RSA.php');
-
- $rsa = new CRYPT_RSA();
- $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
- $rsa->loadKey($owner['sprvkey']);
-
// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
- $signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true));
+ $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']);
- $signature2 = base64url_encode($rsa->sign($data . $precomputed));
+ $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']);
- $signature3 = base64url_encode($rsa->sign($data));
+ $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']);
$salmon_tpl = get_markup_template('magicsig.tpl');
diff --git a/include/text.php b/include/text.php
index adc94b458..7b43cd340 100644
--- a/include/text.php
+++ b/include/text.php
@@ -671,7 +671,7 @@ function smilies($s) {
$a = get_app();
return str_replace(
- array( '&lt;3', '&lt;/3', '&lt;\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O'),
+ array( '&lt;3', '&lt;/3', '&lt;\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O', '~friendika' ),
array(
'<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />',
@@ -688,7 +688,9 @@ function smilies($s) {
'<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />',
- '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />'
+ '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />',
+ '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
+
), $s);
}}