From 08bea83c032675e93c789070e681aab212c1d2a4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 13 Jan 2018 13:45:33 -0800 Subject: unexpected openssl result --- Zotlabs/Web/HTTPSig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 9a8c23a9b..9a6c3cd39 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -117,7 +117,7 @@ class HTTPSig { logger('verified: ' . $x, LOGGER_DEBUG); - if($x === false) + if(! intval($x)) return $result; if(! $spoofable) -- cgit v1.2.3 From eb3e43feec4e2de439de5398fcf498c0de5afbd4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 13 Jan 2018 14:08:15 -0800 Subject: cleanup of last fix --- Zotlabs/Web/HTTPSig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 9a6c3cd39..63033ce5e 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -117,7 +117,7 @@ class HTTPSig { logger('verified: ' . $x, LOGGER_DEBUG); - if(! intval($x)) + if(! $x) return $result; if(! $spoofable) -- cgit v1.2.3 From 2de1285121b5f0260699a93249bab11dc74edec5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 16 Jan 2018 18:15:58 -0800 Subject: z6 deliver --- Zotlabs/Web/HTTPSig.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 63033ce5e..ef03dac94 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php 
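Review bot: The new test `if(! intval($x))` still lets a negative result through, because `intval(-1)` is non-zero and the early `return $result;` is skipped. `$x` is assigned outside the hunk; if it carries the raw `openssl_verify()` return value (1 for a valid signature, 0 for an invalid one, -1 on error), an error in the verify call would be handled as a verified signature. Accepting only the success value closes that gap: `if(intval($x) !== 1)` in front of the existing `return $result;`. The follow-up hunk in the next commit, `if(! $x)`, has the same property, since -1 is truthy in PHP.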
@@ -137,6 +137,21 @@ class HTTPSig { } } + + if(in_array('x-zot-digest',$signed_headers)) { + $result['content_signed'] = true; + $digest = explode('=', $headers['x-zot-digest']); + if($digest[0] === 'SHA-256') + $hashalg = 'sha256'; + if($digest[0] === 'SHA-512') + $hashalg = 'sha512'; + + // The explode operation will have stripped the '=' padding, so compare against unpadded base64 + if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) { + $result['content_valid'] = true; + } + } + logger('Content_Valid: ' . $result['content_valid']); return $result; -- cgit v1.2.3 From 4c27fa5c37fbe4fc6debaadeaf3b4b134bc9068b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 7 Feb 2018 22:04:53 -0800 Subject: debug the crypto function --- Zotlabs/Web/HTTPSig.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index ef03dac94..8c94a4ff0 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -210,6 +210,9 @@ class HTTPSig { if($crypt_key) { $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg); + +logger(cryptosig: ' . print_r($x,true)); + $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data']; } -- cgit v1.2.3 From 635c5e532bd945fe50dc3fae73e4da005158e3de Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 8 Feb 2018 15:32:54 -0800 Subject: z6 testing --- Zotlabs/Web/HTTPSig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 8c94a4ff0..dba5c4687 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php 
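Review bot: `$hashalg` is only assigned when the `x-zot-digest` prefix is `SHA-256` or `SHA-512`, so any other prefix reaches `hash($hashalg, ...)` with an undefined variable, and `$digest[1]` is read without checking that the header contained an `=`. On PHP versions where `hash()` returns false for an unknown algorithm instead of throwing, the left side of the comparison collapses to an empty string and no longer depends on the body at all. I would resolve the algorithm from an allow-list, `$hashalg = ['SHA-256' => 'sha256', 'SHA-512' => 'sha512'][$digest[0]] ?? null;`, and run the existing comparison only when `$hashalg` is set and `$digest[1]` is a non-empty string. The hash is also taken over `$_POST['data']` rather than the raw request body, so it is worth confirming that this is exactly the byte string the sender digested.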
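Review bot: The added line `logger(cryptosig: ' . print_r($x,true));` is missing the opening quote of its string literal, so HTTPSig.php will not parse as committed and neither signing nor verification in this class can load. It should read `logger('cryptosig: ' . print_r($x,true), LOGGER_DEBUG);`, with an explicit level so the `iv`, `key` and `data` fields returned by `crypto_encapsulate()` are only written when debug logging is enabled. The same applies to `logger('cryptkey' . $crypt_key);` added in the later "logging" commit, which writes the key argument without a level argument. The enclosing `create_sig` body starts and ends outside the hunk.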
@@ -209,7 +209,7 @@ class HTTPSig { . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; if($crypt_key) { - $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg); + $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo); logger(cryptosig: ' . print_r($x,true)); -- cgit v1.2.3 From e4503f743e0a51ebb91401746bcfa800dd890dc9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 8 Feb 2018 15:36:22 -0800 Subject: logging --- Zotlabs/Web/HTTPSig.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index dba5c4687..a6b8d67a4 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -194,6 +194,8 @@ class HTTPSig { static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') { +logger('cryptkey' . $crypt_key); + $return_headers = []; if($alg === 'sha256') { @@ -211,7 +213,7 @@ class HTTPSig { if($crypt_key) { $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo); -logger(cryptosig: ' . print_r($x,true)); +logger('cryptosig: ' . print_r($x,true)); $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data']; } -- cgit v1.2.3 From beec49847f54d89f15b205482cbf375782553527 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 8 Feb 2018 15:45:33 -0800 Subject: missing quote --- Zotlabs/Web/HTTPSig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index a6b8d67a4..0b264ca7a 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php 
@@ -215,7 +215,7 @@ logger('cryptkey' . $crypt_key); logger('cryptosig: ' . print_r($x,true)); - $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data']; + $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; } if($auth) { -- cgit v1.2.3 From cd1e5d417167836ee5ac64d042815b377c22b694 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 8 Feb 2018 16:22:10 -0800 Subject: zot6 testing --- Zotlabs/Web/HTTPSig.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'Zotlabs/Web/HTTPSig.php') diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 0b264ca7a..a27edb73d 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -152,7 +152,7 @@ class HTTPSig { } } - logger('Content_Valid: ' . $result['content_valid']); + logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); return $result; @@ -194,8 +194,6 @@ class HTTPSig { static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') { -logger('cryptkey' . $crypt_key); - $return_headers = []; if($alg === 'sha256') { @@ -212,9 +210,6 @@ logger('cryptkey' . $crypt_key); if($crypt_key) { $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo); - -logger('cryptosig: ' . print_r($x,true)); - $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; } -- cgit v1.2.3