diff options
| -rwxr-xr-x | boot.php | 6 | ||||
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rw-r--r-- | include/crypto.php | 2 | ||||
| -rw-r--r-- | include/dir_fns.php | 10 | ||||
| -rw-r--r-- | include/queue_fn.php | 2 | ||||
| -rw-r--r-- | include/zot.php | 23 | ||||
| -rw-r--r-- | install/schema_mysql.sql | 1 | ||||
| -rw-r--r-- | install/schema_postgres.sql | 1 | ||||
| -rw-r--r-- | install/update.php | 11 |
9 files changed, 40 insertions, 18 deletions
@@ -51,7 +51,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' ); define ( 'STD_VERSION', '1.15.1' ); define ( 'ZOT_REVISION', '1.1' ); -define ( 'DB_UPDATE_VERSION', 1184 ); +define ( 'DB_UPDATE_VERSION', 1185 ); /** @@ -640,6 +640,10 @@ function sys_boot() { define( 'DEFAULT_NOTIFY_ICON', '/images/hz-white-32.png' ); } + if(! defined('CRYPTO_ALGORITHM')) { + define( 'CRYPTO_ALGORITHM', 'aes256cbc' ); + } + /* * Try to open the database; */ diff --git a/include/conversation.php b/include/conversation.php index f04fa89a0..16eacd73e 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -363,7 +363,7 @@ function localize_item(&$item){ if(intval($item['item_obscured']) && strlen($item['body']) && (! strpos($item['body'],'data'))) { - $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey'))); + $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey'), CRYPTO_ALGORITHM)); } } diff --git a/include/crypto.php b/include/crypto.php index bc798d919..c67c4a1ef 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -315,7 +315,7 @@ function convert_salmon_key($key) { function z_obscure($s) { - return json_encode(crypto_encapsulate($s,get_config('system','pubkey'))); + return json_encode(crypto_encapsulate($s,get_config('system','pubkey'),CRYPTO_ALGORITHM)); } function z_unobscure($s) { diff --git a/include/dir_fns.php b/include/dir_fns.php index 03cc2706a..3922730fc 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -192,17 +192,19 @@ function sync_directories($dirmode) { 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', 'site_realm' => DIRECTORY_REALM, - 'site_valid' => 1 + 'site_valid' => 1, + 'site_crypto' => 'aes256cbc' ); - $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid ) - values ( '%s', %d, '%s', '%s', '%s', %d ) ", + $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid, site_crypto ) + values ( '%s', %d, '%s', '%s', '%s', %d, '%s' ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), dbesc($r[0]['site_realm']), - intval($r[0]['site_valid']) + intval($r[0]['site_valid']), + dbesc($r[0]['site_crypto']) ); $r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ", diff --git a/include/queue_fn.php b/include/queue_fn.php index 1e3126f77..0950faf85 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -93,7 +93,7 @@ function queue_deliver($outq, $immediate = false) { // your site has existed. Since we don't know for sure what these sites are, // call them unknown - q("insert into site (site_url, site_update, site_dead, site_type) values ('%s','%s',0,%d) ", + q("insert into site (site_url, site_update, site_dead, site_type, site_crypto) values ('%s','%s',0,%d,'') ", dbesc($base), dbesc(datetime_convert()), intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN) diff --git a/include/zot.php b/include/zot.php index 5c9fb4e82..565c9dce3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -147,7 +147,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot // Hush-hush ultra top-secret mode if ($remote_key) { - $data = crypto_encapsulate(json_encode($data),$remote_key); + $data = crypto_encapsulate(json_encode($data),$remote_key, CRYPTO_ALGORITHM); } return json_encode($data); @@ -398,7 +398,8 @@ function zot_refresh($them, $channel = null, $force = false) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], - 'iv' => $j['permissions']['iv']), + 'iv' => $j['permissions']['iv'], + 'alg' => $j['permissions']['alg']), $channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions,true); @@ -1091,7 +1092,7 @@ function zot_fetch($arr) { 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) ); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], CRYPTO_ALGORITHM)); $fetch = zot_zot($url,$datatosend); @@ -2851,6 +2852,7 @@ function import_site($arr, $pubkey) { $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false); $site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false); $site_project = htmlspecialchars($arr['project'],ENT_COMPAT,'UTF-8',false); + $site_crypto = ((array_key_exists('encryption',$arr)) ? implode(',', htmlspecialchars($arr['encryption'],ENT_COMPAT,'UTF-8',false)) : ''); $site_version = ((array_key_exists('version',$arr)) ? htmlspecialchars($arr['version'],ENT_COMPAT,'UTF-8',false) : ''); // You can have one and only one primary directory per realm. @@ -2872,6 +2874,7 @@ function import_site($arr, $pubkey) { || ($siterecord['site_register'] != $register_policy) || ($siterecord['site_project'] != $site_project) || ($siterecord['site_realm'] != $site_realm) + || ($siterecord['site_crypto'] != $site_crypto) || ($siterecord['site_version'] != $site_version) ) { $update = true; @@ -2880,7 +2883,7 @@ function import_site($arr, $pubkey) { // logger('import_site: stored: ' . print_r($siterecord,true)); - $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s' + $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s' where site_url = '%s'", dbesc($site_location), intval($site_directory), @@ -2893,6 +2896,7 @@ function import_site($arr, $pubkey) { intval(SITE_TYPE_ZOT), dbesc($site_project), dbesc($site_version), + dbesc($site_crypto), dbesc($url) ); if(! $r) { @@ -2910,8 +2914,8 @@ function import_site($arr, $pubkey) { else { $update = true; - $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version ) - values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s' )", + $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version, site_crypto ) + values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s', '%s' )", dbesc($site_location), dbesc($url), intval($access_policy), @@ -2923,7 +2927,8 @@ function import_site($arr, $pubkey) { dbesc($site_realm), intval(SITE_TYPE_ZOT), dbesc($site_project), - dbesc($site_version) + dbesc($site_version), + dbesc($site_crypto) ); if(! $r) { logger('import_site: record create failed. ' . print_r($arr,true)); @@ -3913,7 +3918,7 @@ function zotinfo($arr) { $permissions['connected'] = true; } - $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions); + $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey, CRYPTO_ALGORITHM) : $permissions); if($permissions['view_profile']) $ret['profile'] = $profile; @@ -4317,7 +4322,7 @@ function zot_reply_pickup($data) { } } - $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey, CRYPTO_ALGORITHM); json_return_and_die($encrypted); /* pickup: end */ diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql index 4cbcfc64d..e143e252a 100644 --- a/install/schema_mysql.sql +++ b/install/schema_mysql.sql @@ -1153,6 +1153,7 @@ CREATE TABLE IF NOT EXISTS `site` ( `site_type` smallint NOT NULL DEFAULT '0', `site_project` char(255) NOT NULL DEFAULT '', `site_version` varchar(32) NOT NULL DEFAULT '', + `site_crypto` text NOT NULL DEFAULT '', PRIMARY KEY (`site_url`), KEY `site_flags` (`site_flags`), KEY `site_update` (`site_update`), diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql index a682aa49d..b1b1c8474 100644 --- a/install/schema_postgres.sql +++ b/install/schema_postgres.sql @@ -1134,6 +1134,7 @@ CREATE TABLE "site" ( "site_type" smallint NOT NULL DEFAULT '0', "site_project" text NOT NULL DEFAULT '', "site_version" text NOT NULL DEFAULT '', + "site_crypto" text NOT NULL DEFAULT '', PRIMARY KEY ("site_url") ); create index "site_flags" on site ("site_flags"); diff --git a/install/update.php b/install/update.php index 7e7104b74..dbf3a08ca 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1184 ); +define( 'UPDATE_VERSION' , 1185 ); /** * @@ -2463,3 +2463,12 @@ function update_r1183() { return UPDATE_SUCCESS; return UPDATE_FAILED; } + +function update_r1184() { + + $r1 = q("alter table site add site_crypto text not null default '' "); + + if($r1) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} |