From 044067f0556be3b896fc1b183038777d971e9b57 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sun, 2 Apr 2017 16:40:36 -0700
Subject: harden security

---
 include/crypto.php | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/include/crypto.php b/include/crypto.php
index 187330c6c..2c5545e9b 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -55,6 +55,7 @@ function AES256CBC_decrypt($data,$key,$iv) {
 	return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
+
 function AES128CBC_encrypt($data,$key,$iv) {
 	$key = substr($key,0,16);
 	$iv = substr($iv,0,16);
@@ -67,28 +68,30 @@ function AES128CBC_decrypt($data,$key,$iv) {
 	return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function STD_encrypt($data,$key,$iv) {
+
+function AES256CTR_encrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
 	$iv = substr($iv,0,16);
-	return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function STD_decrypt($data,$key,$iv) {
+function AES256CTR_decrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
 	$iv = substr($iv,0,16);
-	return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function AES256CTR_encrypt($data,$key,$iv) {
+
+function CAMELLIA256CFB_encrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
 	$iv = substr($iv,0,16);
-	return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	return openssl_encrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
-function AES256CTR_decrypt($data,$key,$iv) {
+function CAMELLIA256CFB_decrypt($data,$key,$iv) {
 	$key = substr($key,0,32);
 	$iv = substr($iv,0,16);
-	return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
+	return openssl_decrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
 }
 
 
@@ -104,6 +107,20 @@ function CAST5CBC_decrypt($data,$key,$iv) {
 	return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
 }
 
+function CAST5CFB_encrypt($data,$key,$iv) {
+	$key = substr($key,0,16);
+	$iv = substr($iv,0,8);
+	return openssl_encrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
+}
+
+function CAST5CFB_decrypt($data,$key,$iv) {
+	$key = substr($key,0,16);
+	$iv = substr($iv,0,8);
+	return openssl_decrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
+}
+
+
+
 function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
 	$fn = strtoupper($alg) . '_encrypt';
 	
@@ -155,14 +172,13 @@ function other_encapsulate($data,$pubkey,$alg) {
 
 function crypto_methods() {
 
-	// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. 
 	// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. 
 	// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
 	// particular implementation or choice of underlying implementations based on the key/iv length. 
 	// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
 	// possibly by truncation or segmentation - though many other methods could be used.  
 
-	$r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
+	$r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
 	call_hooks('crypto_methods',$r);
 	return $r;
 
-- 
cgit v1.2.3