diff options
author | zotlabs <mike@macgirvin.com> | 2017-04-02 16:40:36 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-04-02 16:40:36 -0700 |
commit | 044067f0556be3b896fc1b183038777d971e9b57 (patch) | |
tree | bc505a3a401e70cafefbb975692c0a329ef965d3 /include | |
parent | 810d9e21bcf35c3897718d8eb5a798372656f517 (diff) | |
download | volse-hubzilla-044067f0556be3b896fc1b183038777d971e9b57.tar.gz volse-hubzilla-044067f0556be3b896fc1b183038777d971e9b57.tar.bz2 volse-hubzilla-044067f0556be3b896fc1b183038777d971e9b57.zip |
harden security
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto.php | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/include/crypto.php b/include/crypto.php index 187330c6c..2c5545e9b 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -55,6 +55,7 @@ function AES256CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } + function AES128CBC_encrypt($data,$key,$iv) { $key = substr($key,0,16); $iv = substr($iv,0,16); @@ -67,28 +68,30 @@ function AES128CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function STD_encrypt($data,$key,$iv) { + +function AES256CTR_encrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function STD_decrypt($data,$key,$iv) { +function AES256CTR_decrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function AES256CTR_encrypt($data,$key,$iv) { + +function CAMELLIA256CFB_encrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_encrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } -function AES256CTR_decrypt($data,$key,$iv) { +function CAMELLIA256CFB_decrypt($data,$key,$iv) { $key = substr($key,0,32); $iv = substr($iv,0,16); - return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); + return openssl_decrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); } @@ -104,6 +107,20 @@ function CAST5CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); } +function CAST5CFB_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_encrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + +function CAST5CFB_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_decrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + + + function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { $fn = strtoupper($alg) . '_encrypt'; @@ -155,14 +172,13 @@ function other_encapsulate($data,$pubkey,$alg) { function crypto_methods() { - // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a // particular implementation or choice of underlying implementations based on the key/iv length. // The actual methods are responsible for deriving the actual key/iv from the provided parameters; // possibly by truncation or segmentation - though many other methods could be used. - $r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); return $r; |