aboutsummaryrefslogtreecommitdiffstats
path: root/include/diaspora.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/diaspora.php')
-rw-r--r--include/diaspora.php67
1 files changed, 10 insertions, 57 deletions
diff --git a/include/diaspora.php b/include/diaspora.php
index 6862074c6..e39617aa3 100644
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1,6 +1,6 @@
<?php
-require_once('include/certfns.php');
+require_once('include/crypto.php');
function receive_return($val) {
@@ -69,7 +69,7 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
$inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv);
$b64_data = base64_encode($inner_encrypted);
-echo "inner: $b64_data";
+
$b64url_data = base64url_encode($b64_data);
$b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data);
@@ -83,9 +83,7 @@ echo "inner: $b64_data";
$signable_data = $data . '.' . base64url_encode($type) . "\n" . '.'
. base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
- $signature = '';
- $result = openssl_sign($signable_data,$signature,$prvkey,'SHA256');
-
+ $signature = rsa_sign($signable_data,$prvkey);
$sig = base64url_encode($signature);
$decrypted_header = <<< EOT
@@ -100,12 +98,8 @@ $decrypted_header = <<< EOT
EOT;
$decrypted_header = pkcs5_pad($decrypted_header,16);
-logger("decrypted_header: $decrypted_header");
- $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
-logger( "encrypted_ciphertext: " . base64_encode($ciphertext));
- logger("encrypt_outer_key: $b_outer_aes_key");
- logger("ecnrypt_outer_iv: $b_outer_iv");
+ $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
$outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key));
$encrypted_outer_key_bundle = '';
@@ -135,44 +129,28 @@ EOT;
function diaspora_decode($importer,$xml) {
- $basedom = parse_xml_string($xml);
- if($basedom)
- logger('parsed dom');
+ $basedom = parse_xml_string($xml);
$atom = $basedom->children(NAMESPACE_ATOM1);
- logger('atom: ' . count($atom));
$encrypted_header = json_decode(base64_decode($atom->encrypted_header));
-
- print_r($encrypted_header);
$encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key);
$ciphertext = base64_decode($encrypted_header->ciphertext);
- logger('encrypted_aes: ' . print_r($encrypted_aes_key_bundle,true));
- logger('ciphertext: ' . print_r($ciphertext,true));
-
$outer_key_bundle = '';
openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']);
- logger('outer_bundle: ' . print_r($outer_key_bundle,true));
-
$j_outer_key_bundle = json_decode($outer_key_bundle);
$outer_iv = base64_decode($j_outer_key_bundle->iv);
$outer_key = base64_decode($j_outer_key_bundle->key);
- logger("outer_iv: $outer_iv");
- logger("outer_key: $outer_key");
- logger("ciphertext: " . base64_encode($ciphertext));
-
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv);
$decrypted = pkcs5_unpad($decrypted);
- logger('decrypted: ' . print_r($decrypted,true));
-
/**
* $decrypted now contains something like
*
@@ -190,18 +168,11 @@ function diaspora_decode($importer,$xml) {
$inner_iv = base64_decode($idom->iv);
$inner_aes_key = base64_decode($idom->aes_key);
-logger('idom: ' . print_r($idom,true));
$author_link = str_replace('acct:','',$idom->author->uri);
- logger('inner_iv: ' . $inner_iv);
-
$dom = $basedom->children(NAMESPACE_SALMON_ME);
- if($dom)
- logger('have dom');
-
- logger('dom: ' . count($dom));
// figure out where in the DOM tree our data is hiding
if($dom->provenance->data)
@@ -220,8 +191,6 @@ logger('idom: ' . print_r($idom,true));
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
- logger('signature: ' . bin2hex($signature));
-
// unpack the data
// strip whitespace so our data element will return to one big base64 blob
@@ -240,7 +209,6 @@ logger('idom: ' . print_r($idom,true));
$signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
- logger('signed data: ' . $signed_data);
// decode the data
$data = base64url_decode($data);
@@ -254,13 +222,9 @@ logger('idom: ' . print_r($idom,true));
$inner_decrypted = pkcs5_unpad($inner_decrypted);
- logger('inner_decrypted: ' . $inner_decrypted);
-
-
-
if(! $author_link) {
logger('mod-diaspora: Could not retrieve author URI.');
- receive_return(400);
+ http_status_exit(400);
}
// Once we have the author URI, go to the web and try to find their public key
@@ -272,26 +236,15 @@ logger('idom: ' . print_r($idom,true));
$key = get_diaspora_key($author_link);
if(! $key) {
- logger('mod-salmon: Could not retrieve author key.');
- receive_return(400);
+ logger('mod-diaspora: Could not retrieve author key.');
+ http_status_exit(400);
}
- $verify = false;
-
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
- $verify = openssl_verify($signed_data,$signature,$key,'sha256');
- }
- else {
- // fallback sha256 verify for PHP < 5.3
- $rawsig = '';
- $hash = hash('sha256',$signed_data,true);
- openssl_public_decrypt($signature,$rawsig,$key);
- $verify = (($rawsig && substr($rawsig,-32) === $hash) ? true : false);
- }
+ $verify = rsa_verify($signed_data,$signature,$key);
if(! $verify) {
logger('mod-diaspora: Message did not verify. Discarding.');
- receive_return(400);
+ http_status_exit(400);
}
logger('mod-diaspora: Message verified.');
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-15 22:43:20 +0000