From d7ee552c570f4fca760c3d1573f32c005cf73bb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 15:20:12 -0800 Subject: Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable. --- include/crypto.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index a0268ef93..ca01814da 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) { str_pad($iv,16,"\0"))); } +function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + if($alg === 'aes256cbc') + return aes_encapsulate($data,$pubkey); + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); @@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) { $x = debug_backtrace(); logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true)); } + $result['alg'] = 'aes256cbc'; $result['key'] = base64url_encode($k,true); openssl_public_encrypt($iv,$i,$pubkey); $result['iv'] = base64url_encode($i,true); return $result; } +function crypto_unencapsulate($data,$prvkey) { + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); + if($alg === 'aes256cbc') + return aes_unencapsulate($data,$prvkey); + +} + + function aes_unencapsulate($data,$prvkey) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); -- cgit v1.2.3 From b8454cbd1df76bb96af6a6d65ff40f08f6919dc5 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 7 Dec 2013 23:29:26 -0800 Subject: post_activity_item issues --- include/crypto.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index ca01814da..e9372fbb4 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -75,6 +75,8 @@ function aes_encapsulate($data,$pubkey) { } function crypto_unencapsulate($data,$prvkey) { + if(! $data) + return; $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); -- cgit v1.2.3 From 817d1461236acf9067ab7ff79d116832f18c282b Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 15 Dec 2013 18:30:10 -0800 Subject: bloody hell... php version incompatibility with openssl - openssl no longer accepts a string as an algorithm. Earlier versions didn't recognise sha256. So we'll look to see if the algorithm constant for sha256 is defined and if so we'll use that instead of the string. --- include/crypto.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index e9372fbb4..339d5fe17 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -4,6 +4,8 @@ function rsa_sign($data,$key,$alg = 'sha256') { if(! $key) return 'no key'; $sig = ''; + if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + $alg = OPENSSL_ALGO_SHA256; openssl_sign($data,$sig,$key,$alg); return $sig; } @@ -13,6 +15,8 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(! $key) return false; + if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + $alg = OPENSSL_ALGO_SHA256; $verify = openssl_verify($data,$sig,$key,$alg); return $verify; } -- cgit v1.2.3 From 065300f7c352dc74e52a09804b7aeb858df1db0a Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 15 Dec 2013 18:43:54 -0800 Subject: bloody hell - it isn't defined either. --- include/crypto.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 339d5fe17..33cdc10c0 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -4,7 +4,7 @@ function rsa_sign($data,$key,$alg = 'sha256') { if(! $key) return 'no key'; $sig = ''; - if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') $alg = OPENSSL_ALGO_SHA256; openssl_sign($data,$sig,$key,$alg); return $sig; @@ -15,7 +15,7 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(! $key) return false; - if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') $alg = OPENSSL_ALGO_SHA256; $verify = openssl_verify($data,$sig,$key,$alg); return $verify; -- cgit v1.2.3