From d7ee552c570f4fca760c3d1573f32c005cf73bb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 15:20:12 -0800 Subject: Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable. --- boot.php | 10 +++------- include/crypto.php | 16 ++++++++++++++++ include/follow.php | 2 +- include/items.php | 26 +++++++++++++------------- include/message.php | 16 ++++++++-------- include/text.php | 4 ++-- include/zot.php | 10 +++++----- mod/editpost.php | 4 ++-- mod/message.php | 2 +- mod/post.php | 4 ++-- mod/probe.php | 2 +- mod/register.php | 8 ++++++++ 12 files changed, 62 insertions(+), 42 deletions(-) diff --git a/boot.php b/boot.php index ed96ca4c1..c84604dc1 100755 --- a/boot.php +++ b/boot.php @@ -803,12 +803,6 @@ class App { $scheme = $this->scheme; -// if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) { -// if(intval($this->config['system']['ssl_policy']) === intval(SSL_POLICY_FULL)) { -// $scheme = 'https'; -// } -// } - $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); return $this->baseurl; } @@ -995,6 +989,9 @@ class App { )) . $this->page['htmlhead']; } + // The following curl functions will go away once we've converted + // all instances of (fetch|post)_url() to z_(fetch|post)_url() + function set_curl_code($code) { $this->curl_code = $code; } @@ -1186,7 +1183,6 @@ function is_ajax() { // $_SERVER variables, and synchronising the state of installed plugins. - function check_config(&$a) { $build = get_config('system','db_version'); diff --git a/include/crypto.php b/include/crypto.php index a0268ef93..ca01814da 100644 --- a/include/crypto.php +++ b/include/crypto.php 
@@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) { str_pad($iv,16,"\0"))); } +function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + if($alg === 'aes256cbc') + return aes_encapsulate($data,$pubkey); + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); @@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) { $x = debug_backtrace(); logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true)); } + $result['alg'] = 'aes256cbc'; $result['key'] = base64url_encode($k,true); openssl_public_encrypt($iv,$i,$pubkey); $result['iv'] = base64url_encode($i,true); return $result; } +function crypto_unencapsulate($data,$prvkey) { + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); + if($alg === 'aes256cbc') + return aes_unencapsulate($data,$prvkey); + +} + + function aes_unencapsulate($data,$prvkey) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); diff --git a/include/follow.php b/include/follow.php index 10bcddf2b..5cf161304 100644 --- a/include/follow.php +++ b/include/follow.php @@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $global_perms = get_perms(); if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), diff --git a/include/items.php b/include/items.php index 7e21b9c4d..fabad6a63 100755 --- a/include/items.php +++ b/include/items.php 
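Review bot: `crypto_encapsulate()` falls off the end and returns null for any `$alg` other than 'aes256cbc', and `crypto_unencapsulate()` in the next hunk of include/crypto.php does the same for an unrecognised `$data['alg']`. Every encrypting call site in this patch wraps the result directly, for example `json_encode(crypto_encapsulate($arr['body'],$key))`, so an unsupported algorithm would store or send the string `null` in place of the content, with no log entry. I would end both functions with an explicit failure path such as `logger('crypto_encapsulate: unsupported alg: ' . $alg); return false;` and have the callers test the result before encoding or using it.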
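Review bot: The decryption path in `crypto_unencapsulate()` (include/crypto.php, @@ -60,12 +67,21) is selected from `$data['alg']`, which arrives inside the packet and is not covered by any signature or MAC visible in this hunk, and a missing field silently selects 'aes256cbc'. With one algorithm that is harmless, but once a second exists the sender, or anyone able to alter the packet, decides which path runs, so retiring 'aes256cbc' will need a receiver-side allow-list rather than the packet's own claim. I would record that now with a comment such as `// alg is sender-supplied: check it against the locally permitted list before dispatch`. Separately, `array_key_exists('alg',$data)` assumes an array while several callers pass the result of `json_decode_plus()` unchecked; a guard `if(! is_array($data)) return false;` at the top would cover a failed decode.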
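Review bot: The array built for `crypto_unencapsulate()` in new_contact (include/follow.php) copies only `data`, `key` and `iv` from `$j['permissions']`, so an `alg` member sent by the remote site is dropped and the dispatcher always falls back to 'aes256cbc'. The same construction is kept in zot_refresh (include/zot.php, @@ -269,7), whereas mod/message.php passes the envelope whole. Passing `$j['permissions']` directly as the first argument would preserve the field this commit introduces. The end of the call, including the key argument, lies outside the hunk.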
@@ -644,9 +644,9 @@ function get_item_elements($x) { $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; $key = get_config('system','pubkey'); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } @@ -699,9 +699,9 @@ function encode_item($item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } if($item['item_restrict'] & ITEM_DELETED) { @@ -908,9 +908,9 @@ function encode_mail($item) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } $x['message_id'] = $item['mid']; 
@@ -963,10 +963,10 @@ function get_mail_elements($x) { $arr['mail_flags'] |= MAIL_OBSCURED; $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); @@ -1516,9 +1516,9 @@ function item_store($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -1887,9 +1887,9 @@ function item_store_update($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -2243,7 +2243,7 @@ function tag_deliver($uid,$item_id) { if($item['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($item['body']) - $body = aes_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); } else $body = $item['body']; diff --git a/include/message.php b/include/message.php index 2fca9bef0..a95021583 100644 
--- a/include/message.php +++ b/include/message.php @@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $key = get_config('system','pubkey'); if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); + $subject = json_encode(crypto_encapsulate($subject,$key)); if($body) - $body = json_encode(aes_encapsulate($body,$key)); + $body = json_encode(crypto_encapsulate($body,$key)); @@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + $r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + $r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } @@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } 
@@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } diff --git a/include/text.php b/include/text.php index fc70e3509..780992f4a 100755 --- a/include/text.php +++ b/include/text.php @@ -1010,9 +1010,9 @@ function unobscure(&$item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } } diff --git a/include/zot.php b/include/zot.php index 1191cc221..a4a27ce9c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -82,7 +82,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ // Hush-hush ultra top-secret mode if($remote_key) { - $data = aes_encapsulate(json_encode($data),$remote_key); + $data = crypto_encapsulate(json_encode($data),$remote_key); } return json_encode($data); 
@@ -269,7 +269,7 @@ function zot_refresh($them,$channel = null) { if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), @@ -823,7 +823,7 @@ function zot_fetch($arr) { 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) ); - $datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); $fetch = zot_zot($url,$datatosend); $result = zot_import($fetch, $arr['sender']['url']); @@ -849,7 +849,7 @@ function zot_import($arr, $sender_url) { } if(array_key_exists('iv',$data)) { - $data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true); + $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } $incoming = $data['pickup']; @@ -861,7 +861,7 @@ function zot_import($arr, $sender_url) { $result = null; if(array_key_exists('iv',$i['notify'])) { - $i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true); + $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); diff --git a/mod/editpost.php b/mod/editpost.php index b01afe9b3..f25d6d21d 100644 --- a/mod/editpost.php +++ b/mod/editpost.php 
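Review bot: The test for an encrypted packet in zot_import (include/zot.php, @@ -849,7) is still `array_key_exists('iv',$data)`, which describes the aes256cbc envelope rather than the new `alg` field. An envelope from a later algorithm that carries no `iv` member would skip decryption and reach `$incoming = $data['pickup'];` as it stands. The same `iv` test guards the calls at @@ -861,7 in this file, in mod/post.php (@@ -172,7) and in mod/probe.php. I would test for the envelope in one place, for example `if(array_key_exists('alg',$data) || array_key_exists('iv',$data))`, so the detection and the dispatcher change together.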
@@ -57,9 +57,9 @@ function editpost_content(&$a) { if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = aes_unencapsulate(json_decode_plus($itm[0]['title']),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = aes_unencapsulate(json_decode_plus($itm[0]['body']),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $tpl = get_markup_template("jot.tpl"); diff --git a/mod/message.php b/mod/message.php index f992a6fa1..a0382f63d 100644 --- a/mod/message.php +++ b/mod/message.php @@ -79,7 +79,7 @@ function message_post(&$a) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']); + $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions); logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA); diff --git a/mod/post.php b/mod/post.php index 2778621d3..64e08e632 100644 --- a/mod/post.php +++ b/mod/post.php @@ -172,7 +172,7 @@ function post_post(&$a) { */ if(array_key_exists('iv',$data)) { - $data = aes_unencapsulate($data,get_config('system','prvkey')); + $data = crypto_unencapsulate($data,get_config('system','prvkey')); logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA); // susceptible to Bleichenbacher's attack @@ -312,7 +312,7 @@ function post_post(&$a) { ); } } - $encrypted = aes_encapsulate(json_encode($ret),$sitekey); + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); json_return_and_die($encrypted); /** pickup: end */ diff --git a/mod/probe.php b/mod/probe.php index bd792d52e..e2dd4ef77 100644 --- a/mod/probe.php +++ b/mod/probe.php 
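Review bot: In post_post (mod/post.php, @@ -172,7) the result of `crypto_unencapsulate()` is logged on the next line before any check visible in this hunk, and the dispatcher now adds a second way for it to be empty: an unrecognised `alg`. The existing comment already marks this path as susceptible to Bleichenbacher's attack, so an unsupported algorithm and a failed RSA unwrap should end in the same generic failure, so that the reply does not reveal which step failed. I would state that at the call with a comment such as `// unknown alg and failed unwrap must produce the same response` and check `$data` before the `logger()` line. How the rest of post_post treats the value is outside the hunk.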
@@ -26,7 +26,7 @@ function probe_content(&$a) { $j = json_decode($res['body'],true); } if($j && $j['permissions'] && $j['permissions']['iv']) - $j['permissions'] = json_decode(aes_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); + $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); $o .= str_replace("\n",'
',print_r($j,true)); $o .= ''; } diff --git a/mod/register.php b/mod/register.php index bc1603f25..2040732ff 100644 --- a/mod/register.php +++ b/mod/register.php @@ -7,6 +7,14 @@ function register_init(&$a) { $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); + // Provide a stored request for somebody desiring a connection + // when they first need to register someplace. Once they've + // created a channel, we'll try to revive the connection request + // and process it. + + if($_REQUEST['connect']) + $_SESSION['connect'] = $_REQUEST['connect']; + switch($cmd) { case 'invite_check.json': $result = check_account_invite($_REQUEST['invite_code']); -- cgit v1.2.3
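Review bot: The block added to register_init (mod/register.php) copies `$_REQUEST['connect']` into the session without checking that the key is set or what type it holds. Reading the key directly raises an undefined-index notice on requests without it, and a request can supply an array there as well as a string. The value is request-controlled, and the comment says it is revived and processed after channel creation. I would narrow the condition to `if(! empty($_REQUEST['connect']) && is_string($_REQUEST['connect']))` and validate the stored value again where it is consumed, which is outside this hunk.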