diff options
Diffstat (limited to 'Zotlabs/Zot')
| -rw-r--r-- | Zotlabs/Zot/Auth.php | 38 | ||||
| -rw-r--r-- | Zotlabs/Zot/Finger.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Zot/Receiver.php | 21 |
3 files changed, 35 insertions, 29 deletions
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php index 8d198f506..6ce2174f7 100644 --- a/Zotlabs/Zot/Auth.php +++ b/Zotlabs/Zot/Auth.php @@ -2,6 +2,8 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; + class Auth { protected $test; @@ -68,7 +70,7 @@ class Auth { if(strstr($this->desturl,z_root() . '/rmagic')) goaway(z_root()); - $this->Finalise(); + $this->Finalise(); } @@ -76,7 +78,7 @@ class Auth { // Try and find a hubloc for the person attempting to auth. // Since we're matching by address, we have to return all entries - // some of which may be from re-installed hubs; and we'll need to + // some of which may be from re-installed hubs; and we'll need to // try each sequentially to see if one can pass the test $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash @@ -130,9 +132,9 @@ class Auth { // Also check that they are coming from the same site as they authenticated with originally. - $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) + $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) && ($hubloc['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); - + if($this->delegate && $this->delegate !== $_SESSION['delegate_channel']) $already_authed = false; @@ -158,17 +160,17 @@ class Auth { return false; } - // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the // site private key - // The actual channel sending the packet ($c[0]) is not important, but this provides a + // The actual channel sending the packet ($c[0]) is not important, but this provides a // generic zot packet with a sender which can be verified $x = q("select site_crypto from site where site_url = '%s' limit 1", dbesc($hubloc['hubloc_url']) ); - $p = zot_build_packet($channel,$type = 'auth_check', - array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), + $p = zot_build_packet($channel,$type = 'auth_check', + array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec); $this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']); @@ -192,12 +194,12 @@ class Auth { $this->Debug('auth check request returned ' . print_r($j, true)); - if(! $j['success']) + if(! $j['success']) return false; // legit response, but we do need to check that this wasn't answered by a man-in-middle - if (! rsa_verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) { + if (! Crypto::verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) { logger('final confirmation failed.'); if($this->test) $this->Debug('final confirmation failed. ' . $sec . print_r($j,true) . print_r($hubloc,true)); @@ -290,7 +292,7 @@ class Auth { * Magic Auth * ========== * - * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), + * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters. * * The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications @@ -299,7 +301,7 @@ class Auth { * Five GET parameters are supplied: * * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access * * dest => the desired destination URL (urlencoded) - * * sec => a random string which is also stored on $mysite for use during the verification phase. + * * sec => a random string which is also stored on $mysite for use during the verification phase. * * version => the zot revision * * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for * @@ -336,8 +338,8 @@ class Auth { * } * \endcode * - * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see - * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the + * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see + * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: * * \code{.json} @@ -351,10 +353,10 @@ class Auth { * \endcode * * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the - * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. - * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful - * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. - * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is + * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. + * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful + * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. + * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is * a string whose contents are not defined by protocol. Example: "basic" or "gold". * * @param[in,out] \App &$a diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 778b701cd..cadde5415 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -2,6 +2,7 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; use Zotlabs\Web\HTTPSig; /** @@ -109,7 +110,7 @@ class Finger { $result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]); } } - } + } else { $rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token; @@ -135,7 +136,7 @@ class Finger { if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { - $valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']); + $valid = Crypto::verify('token.' . self::$token, base64url_decode($signed_token), $x['key']); if(! $valid) { logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR); diff --git a/Zotlabs/Zot/Receiver.php b/Zotlabs/Zot/Receiver.php index c521c9d64..f0378b650 100644 --- a/Zotlabs/Zot/Receiver.php +++ b/Zotlabs/Zot/Receiver.php @@ -2,6 +2,8 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; + class Receiver { protected $data; @@ -30,7 +32,8 @@ class Receiver { $this->encrypted = ((array_key_exists('iv',$data)) ? true : false); if($this->encrypted) { - $this->data = @json_decode(@crypto_unencapsulate($data,$prvkey),true); + $data['encrypted'] = true; + $this->data = @json_decode(@Crypto::unencapsulate($data,$prvkey),true); } if(! $this->data) $this->data = $data; @@ -72,7 +75,7 @@ class Receiver { $this->validated = true; } - + function Dispatch() { /* Handle tasks which don't require sender validation */ @@ -144,8 +147,8 @@ class Receiver { * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded. * * Once decrypted, one will find the normal json_encoded zot message packet. - * - * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup + * + * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup * * Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check) * \code{.json} @@ -167,7 +170,7 @@ class Receiver { * \endcode * * Signature fields are all signed with the sender channel private key and base64url encoded. - * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private + * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates * a public message or visible to all potential listeners on this site. * @@ -186,7 +189,7 @@ class Receiver { * * In the pickup packet, the sig fields correspond to the respective data * element signed with this site's system private key and then base64url encoded. - * The "secret" is the same as the original secret from the notify packet. + * The "secret" is the same as the original secret from the notify packet. * * If verification is successful, a json structure is returned containing a * success indicator and an array of type 'pickup'. @@ -283,18 +286,18 @@ class Receiver { * } * \endcode * - * The ping packet can be used to verify that a site has not been re-installed, and to + * The ping packet can be used to verify that a site has not been re-installed, and to * initiate corrective action if it has. The url_sig is signed with the site private key * and base64url encoded - and this should verify with the enclosed sitekey. Failure to * verify indicates the site is corrupt or otherwise unable to communicate using zot. * This return packet is not otherwise verified, so should be compared with other * results obtained from this site which were verified prior to taking action. For instance - * if you have one verified result with this signature and key, and other records for this + * if you have one verified result with this signature and key, and other records for this * url which have different signatures and keys, it indicates that the site was re-installed * and corrective action may commence (remove or mark invalid any entries with different * signatures). * If you have no records which match this url_sig and key - no corrective action should - * be taken as this packet may have been returned by an imposter. + * be taken as this packet may have been returned by an imposter. * * @param[in,out] App &$a */ |