aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-04-01 15:30:59 -0700
committerzotlabs <mike@macgirvin.com>2017-04-01 15:30:59 -0700
commit810d9e21bcf35c3897718d8eb5a798372656f517 (patch)
tree2e36921ad52aa450c3a98bdb7d80af1521645097 /include
parent7256579c168fbda8e8d5fc8a0e9de179fa27534c (diff)
downloadvolse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.tar.gz
volse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.tar.bz2
volse-hubzilla-810d9e21bcf35c3897718d8eb5a798372656f517.zip
use aes-ctr which is slightly/arguably better than a poke in the eye and don't restrict the crypto algorithm by server role.
Diffstat (limited to 'include')
-rw-r--r--include/crypto.php17
-rw-r--r--include/zot.php3
2 files changed, 7 insertions, 13 deletions
diff --git a/include/crypto.php b/include/crypto.php
index bcbb3d388..187330c6c 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -79,16 +79,16 @@ function STD_decrypt($data,$key,$iv) {
return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
}
-function AES256GCM_encrypt($data,$key,$iv) {
+function AES256CTR_encrypt($data,$key,$iv) {
$key = substr($key,0,32);
- $iv = substr($iv,0,12);
- return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
+ $iv = substr($iv,0,16);
+ return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
}
-function AES256GCM_decrypt($data,$key,$iv) {
+function AES256CTR_decrypt($data,$key,$iv) {
$key = substr($key,0,32);
- $iv = substr($iv,0,12);
- return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
+ $iv = substr($iv,0,16);
+ return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
}
@@ -155,9 +155,6 @@ function other_encapsulate($data,$pubkey,$alg) {
function crypto_methods() {
- if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
- return [ 'aes256cbc' ];
-
// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv.
// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv.
// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
@@ -165,7 +162,7 @@ function crypto_methods() {
// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
// possibly by truncation or segmentation - though many other methods could be used.
- $r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
+ $r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
call_hooks('crypto_methods',$r);
return $r;
diff --git a/include/zot.php b/include/zot.php
index 8a2178913..b3999920f 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -165,9 +165,6 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
function zot_best_algorithm($methods) {
- if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
- return 'aes256cbc';
-
$x = [ 'methods' => $methods, 'result' => '' ];
call_hooks('zot_best_algorithm',$x);
if($x['result'])