diff options
-rw-r--r-- | boot.php | 2 | ||||
-rw-r--r-- | include/crypto.php | 65 | ||||
-rw-r--r-- | include/diaspora.php | 23 | ||||
-rw-r--r-- | mod/network.php | 2 |
4 files changed, 88 insertions, 4 deletions
@@ -7,7 +7,7 @@ require_once('include/text.php'); require_once("include/pgettext.php"); -define ( 'FRIENDIKA_VERSION', '2.2.1084' ); +define ( 'FRIENDIKA_VERSION', '2.2.1085' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1083 ); diff --git a/include/crypto.php b/include/crypto.php index a20606db5..88e05b9eb 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -225,3 +225,68 @@ function pkcs5_unpad($text) if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; return substr($text, 0, -1 * $pad); } + +function AES256CBC_encrypt($data,$key,$iv) { + return mcrypt_encrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + pkcs5_pad($data,16), + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0")); +} + +function AES256CBC_decrypt($data,$key,$iv) { + return pkcs5_unpad(mcrypt_decrypt( + MCRYPT_RIJNDAEL_128, + str_pad($key,32,"\0"), + $data, + MCRYPT_MODE_CBC, + str_pad($iv,16,"\0"))); +} + +function aes_encapsulate($data,$pubkey) { + $key = random_string(32,RANDOM_STRING_TEXT); + $iv = random_string(16,RANDOM_STRING_TEXT); + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); + openssl_public_encrypt($key,$k,$pubkey); + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; +} + +function aes_unencapsulate($data,$prvkey) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i); +} + + +function zot_encapsulate($data,$sender,$pubkey) { +$res = aes_encapsulate($data,$pubkey); +openssl_public_encrypt($sender,$s,$pubkey); +$s1 = base64url_encode($s,true); + +return <<< EOT +<?xml version='1.0' encoding='UTF-8'?> +<zot:env xmlns:zot='http://purl.org/zot/1.0'> + <zot:key>{$res['key']}</zot:key> + <zot:iv>{$res['iv']}</zot:iv> + <zot:sender>$s1</zot:sender> + <zot:alg>AES-256-CBC</zot:alg> + <zot:data type='application/magic-envelope+xml'>{$res['data']}</zot:data> +</zot:env> +EOT; + +} + +function zot_unencapsulate($data,$prvkey) { + $ret = array(); + $c = array(); + $x = parse_xml_string($data); + $c = array('key' => $x->key,'iv' => $x->iv,'data' => $x->data); + openssl_private_decrypt(base64url_decode($x->sender),$s,$prvkey); + $ret['sender'] = $s; + $ret['data'] = aes_unencapsulate($x,$prvkey); + return $ret; +}
\ No newline at end of file diff --git a/include/diaspora.php b/include/diaspora.php index e3ab9458d..10b342289 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -3,6 +3,7 @@ require_once('include/crypto.php'); require_once('include/items.php'); require_once('include/bb2diaspora.php'); +require_once('include/contact_selectors.php'); function diaspora_dispatch($importer,$msg) { @@ -1060,10 +1061,24 @@ function diaspora_send_relay($item,$owner,$contact) { $like = false; } - $text = html_entity_decode(bb2diaspora($item['body'])); + $body = $item['body']; + + $itemcontact = q("select * from contact where `id` = %d limit 1", + intval($item['contact-id']) + ); + if(count($itemcontact)) { + if(! $itemcontact[0]['self']) { + $prefix = sprintf( t('[Relayed] Comment authored by %s from network %s'), + '['. $item['author-name'] . ']' . '(' . $item['author-link'] . ')', + network_to_name($itemcontact['network'])) . "\n"; + $body = $prefix . $body; + } + } + + $text = html_entity_decode(bb2diaspora($body)); // fetch the original signature if somebody sent the post to us to relay - // if we are relaying for a reply originating here, there wasn't a 'send to relay' + // If we are relaying for a reply originating here, there wasn't a 'send to relay' // action. It wasn't needed. In that case create the original signature and the // owner (parent author) signature @@ -1076,6 +1091,10 @@ function diaspora_send_relay($item,$owner,$contact) { $authorsig = $orig_sign['signature']; } else { + + + + if($like) $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $myaddr; else diff --git a/mod/network.php b/mod/network.php index 05b74b50a..54fb2a0a4 100644 --- a/mod/network.php +++ b/mod/network.php @@ -188,7 +188,7 @@ function network_content(&$a, $update = 0) { if(count($r)) { $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql AND `contact-id` IN ( " . intval($cid) . " )) "; $o = '<h2>' . t('Contact: ') . $r[0]['name'] . '</h2>' . $o; - if($r[0]['network'] !== NETWORK_MAIL && $r[0]['network'] !== NETWORK_DFRN && $r[0]['network'] !== NETWORK_FACEBOOK && $r[0]['writable'] && (! get_pconfig(local_user(),'system','nowarn_insecure'))) { + if($r[0]['network'] !== NETWORK_MAIL && $r[0]['network'] !== NETWORK_DFRN && $r[0]['network'] !== NETWORK_FACEBOOK && $r[0]['network'] !== NETWORK_DIASPORA && $r[0]['writable'] && (! get_pconfig(local_user(),'system','nowarn_insecure'))) { notice( t('Private messages to this person are at risk of public disclosure.') . EOL); } |