diff options
author | Friendika <info@friendika.com> | 2011-08-09 18:55:46 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-08-09 18:55:46 -0700 |
commit | 1bfe1283aa38454369f29883411a6c012c88df59 (patch) | |
tree | b85f93b9d4c6b40bf4678ccd32fea7b9531f27bb /include | |
parent | 49be3941828668e762141972afa1324045805f20 (diff) | |
download | volse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.tar.gz volse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.tar.bz2 volse-hubzilla-1bfe1283aa38454369f29883411a6c012c88df59.zip |
crypto stuff
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto.php (renamed from include/certfns.php) | 54 | ||||
-rw-r--r-- | include/diaspora.php | 25 | ||||
-rw-r--r-- | include/network.php | 14 | ||||
-rw-r--r-- | include/salmon.php | 31 | ||||
-rw-r--r-- | include/text.php | 6 |
5 files changed, 82 insertions, 48 deletions
diff --git a/include/certfns.php b/include/crypto.php index aa84cfeb6..1ab9e7b25 100644 --- a/include/certfns.php +++ b/include/crypto.php @@ -1,6 +1,56 @@ <?php require_once('library/ASNValue.class.php'); +require_once('library/asn1.php'); + + +function rsa_sign($data,$key) { + + $sig = ''; + if (version_compare(PHP_VERSION, '5.3.0', '>=')) { + openssl_sign($data,$sig,$key,'sha256'); + } + else { + if(strlen($key) < 1024 || extension_loaded('gmp')) { + require_once('library/phpsec/Crypt/RSA.php'); + $rsa = new CRYPT_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash('sha256'); + $rsa->loadKey($key); + $sig = $rsa->sign($data); + } + else { + logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3'); + openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key); + } + } + return $sig; +} + +function rsa_verify($data,$sig,$key) { + + if (version_compare(PHP_VERSION, '5.3.0', '>=')) { + $verify = openssl_verify($data,$sig,$key,'sha256'); + } + else { + if(strlen($key) <= 300 || extension_loaded('gmp')) { + require_once('library/phpsec/Crypt/RSA.php'); + $rsa = new CRYPT_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash('sha256'); + $rsa->loadKey($key); + $verify = $rsa->verify($data,$sig); + } + else { + // fallback sha256 verify for PHP < 5.3 and large key lengths + $rawsig = ''; + openssl_public_decrypt($sig,$rawsig,$key); + $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false); + } + } + return $verify; +} + function DerToPem($Der, $Private=false) { @@ -128,3 +178,7 @@ function metorsa($m,$e) { return $key; } +function salmon_key($pubkey) { + pemtome($pubkey,$m,$e); + return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; +} diff --git a/include/diaspora.php b/include/diaspora.php index d25137bf3..e39617aa3 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1,6 +1,6 @@ <?php -require_once('include/certfns.php'); +require_once('include/crypto.php'); function receive_return($val) { @@ -83,9 +83,7 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $signable_data = $data . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; - $signature = ''; - $result = openssl_sign($signable_data,$signature,$prvkey,'SHA256'); - + $signature = rsa_sign($signable_data,$prvkey); $sig = base64url_encode($signature); $decrypted_header = <<< EOT @@ -226,7 +224,7 @@ function diaspora_decode($importer,$xml) { if(! $author_link) { logger('mod-diaspora: Could not retrieve author URI.'); - receive_return(400); + http_status_exit(400); } // Once we have the author URI, go to the web and try to find their public key @@ -239,25 +237,14 @@ function diaspora_decode($importer,$xml) { if(! $key) { logger('mod-diaspora: Could not retrieve author key.'); - receive_return(400); + http_status_exit(400); } - $verify = false; - - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - $verify = openssl_verify($signed_data,$signature,$key,'sha256'); - } - else { - // fallback sha256 verify for PHP < 5.3 - $rawsig = ''; - $hash = hash('sha256',$signed_data,true); - openssl_public_decrypt($signature,$rawsig,$key); - $verify = (($rawsig && substr($rawsig,-32) === $hash) ? true : false); - } + $verify = rsa_verify($signed_data,$signature,$key); if(! $verify) { logger('mod-diaspora: Message did not verify. Discarding.'); - receive_return(400); + http_status_exit(400); } logger('mod-diaspora: Message verified.'); diff --git a/include/network.php b/include/network.php index 48e830e84..ddfc34977 100644 --- a/include/network.php +++ b/include/network.php @@ -181,6 +181,20 @@ function xml_status($st, $message = '') { }} +if(! function_exists('http_status_exit')) { +function http_status_exit($val) { + + if($val >= 400) + $err = 'Error'; + if($val >= 200 && $val < 300) + $err = 'OK'; + + logger('http_status_exit ' . $val); + header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err); + killme(); + +}} + // convert an XML document to a normalised, case-corrected array // used by webfinger diff --git a/include/salmon.php b/include/salmon.php index 3ccae2756..4043b4f1d 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,21 +1,7 @@ <?php -require_once('library/asn1.php'); +require_once('include/crypto.php'); -function salmon_key($pubkey) { - $lines = explode("\n",$pubkey); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('',$lines)); - - $r = ASN_BASE::parseASNString($x); - - $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} function get_salmon_key($uri,$keyhash) { @@ -112,24 +98,15 @@ EOT; $algorithm = 'RSA-SHA256'; $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); - // Setup RSA stuff to PKCS#1 sign the data - - require_once('library/phpsec/Crypt/RSA.php'); - - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); - // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true)); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']); - $signature2 = base64url_encode($rsa->sign($data . $precomputed)); + $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']); - $signature3 = base64url_encode($rsa->sign($data)); + $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']); $salmon_tpl = get_markup_template('magicsig.tpl'); diff --git a/include/text.php b/include/text.php index adc94b458..7b43cd340 100644 --- a/include/text.php +++ b/include/text.php @@ -671,7 +671,7 @@ function smilies($s) { $a = get_app(); return str_replace( - array( '<3', '</3', '<\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O'), + array( '<3', '</3', '<\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O', '~friendika' ), array( '<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />', '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />', @@ -688,7 +688,9 @@ function smilies($s) { '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />', '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />' + '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />', + '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', + ), $s); }} |