diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/identity.php | 2 | ||||
-rwxr-xr-x | include/items.php | 2 | ||||
-rw-r--r-- | include/zot.php | 26 |
3 files changed, 22 insertions, 8 deletions
diff --git a/include/identity.php b/include/identity.php index 6c28f23d6..e210b37ab 100644 --- a/include/identity.php +++ b/include/identity.php @@ -201,7 +201,7 @@ function create_identity($arr) { $sig = base64url_encode(rsa_sign($guid,$key['prvkey'])); - $hash = base64url_encode(hash('whirlpool',$guid . $sig,true)); + $hash = make_xchan_hash($guid,$sig); // Force a few things on the short term until we can provide a theme or app with choice diff --git a/include/items.php b/include/items.php index 26d2fbe1c..10daa85f2 100755 --- a/include/items.php +++ b/include/items.php @@ -734,7 +734,7 @@ function get_item_elements($x) { return array(); // save a potentially expensive lookup if author == owner - if($arr['author_xchan'] === base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true))) + if($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig'])) $arr['owner_xchan'] = $arr['author_xchan']; else { if(($xchan_hash = import_author_xchan($x['owner'])) !== false) diff --git a/include/zot.php b/include/zot.php index 4442bd748..1b02f8d69 100644 --- a/include/zot.php +++ b/include/zot.php @@ -35,6 +35,20 @@ function zot_new_uid($channel_nick) { /** + * + * function make_xchan_hash($guid,$guid_sig) + * + * Generates a portable hash identifier for the channel identified by $guid and signed with $guid_sig + * This ID is portable across the network but MUST be calculated locally by verifying the signature + * and can not be trusted as an identity. + * + */ + +function make_xchan_hash($guid,$guid_sig) { + return base64url_encode(hash('whirlpool',$guid . $guid_sig, true)); +} + +/** * @function zot_get_hublocs($hash) * Given a zot hash, return all distinct hubs. * This function is used in building the zot discovery packet @@ -538,7 +552,7 @@ function zot_register_hub($arr) { if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { - $guid_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + $guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash; @@ -612,7 +626,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } - $xchan_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + $xchan_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $import_photos = false; if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'])) { @@ -1167,14 +1181,14 @@ function zot_import($arr, $sender_url) { } - $i['notify']['sender']['hash'] = base64url_encode(hash('whirlpool',$i['notify']['sender']['guid'] . $i['notify']['sender']['guid_sig'], true)); + $i['notify']['sender']['hash'] = make_xchan_hash($i['notify']['sender']['guid'],$i['notify']['sender']['guid_sig']); $deliveries = null; if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) { logger('specific recipients'); $recip_arr = array(); foreach($i['notify']['recipients'] as $recip) { - $recip_arr[] = base64url_encode(hash('whirlpool',$recip['guid'] . $recip['guid_sig'], true)); + $recip_arr[] = make_xchan_hash($recip['guid'],$recip['guid_sig']); } stringify_array_elms($recip_arr); $recips = implode(',',$recip_arr); @@ -1390,7 +1404,7 @@ function allowed_public_recips($msg) { if(array_key_exists('public_scope',$msg['message'])) $scope = $msg['message']['public_scope']; - $hash = base64url_encode(hash('whirlpool',$msg['notify']['sender']['guid'] . $msg['notify']['sender']['guid_sig'], true)); + $hash = make_xchan_hash($msg['notify']['sender']['guid'],$msg['notify']['sender']['guid_sig']); if($scope === 'public' || $scope === 'network: red') return $recips; @@ -2336,7 +2350,7 @@ function get_rpost_path($observer) { } function import_author_zot($x) { - $hash = base64url_encode(hash('whirlpool',$x['guid'] . $x['guid_sig'], true)); + $hash = make_xchan_hash($x['guid'],$x['guid_sig']); $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", dbesc($x['guid']), dbesc($x['guid_sig']), |