From 7972de13caf21647c8cc2e82c499a344f7191a22 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 25 Feb 2016 14:34:30 -0800 Subject: backtrace openssl_verify errors so that we can find bad keys - as there is very little relevant context available at this level. --- include/crypto.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 494a2a5b9..50ec2a3a6 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -21,6 +21,21 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') $alg = OPENSSL_ALGO_SHA256; $verify = openssl_verify($data,$sig,$key,$alg); + + if(! $verify) { + logger('openssl_verify: ' . openssl_error_string(),LOGGER_NORMAL,LOG_ERR); + logger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); + // provide a backtrace so that we can debug key issues + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); + if($stack) { + foreach($stack as $s) { + logger('stack: ' . basename($s['file']) . ':' . $s['line'] . ':' . $s['function'] . '()',LOGGER_DEBUG,LOG_ERR); + } + } + } + } + return $verify; } -- cgit v1.2.3 From da79662081b375e91477b5c83c44d084a8e579bd Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 28 Feb 2016 16:33:52 -0800 Subject: stop the PHP warnings from Thomas's buggered sitekey --- include/crypto.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 50ec2a3a6..94a6b4a58 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -20,7 +20,7 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') $alg = OPENSSL_ALGO_SHA256; - $verify = openssl_verify($data,$sig,$key,$alg); + $verify = @openssl_verify($data,$sig,$key,$alg); if(! $verify) { logger('openssl_verify: ' . openssl_error_string(),LOGGER_NORMAL,LOG_ERR); -- cgit v1.2.3 From f82afca84d19ba87cd911ec28638fb45a7f7e6f0 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 17 Mar 2016 12:15:28 -0700 Subject: no xchan here if using zot protocol --- include/crypto.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 94a6b4a58..3cddc7581 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -23,7 +23,8 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { $verify = @openssl_verify($data,$sig,$key,$alg); if(! $verify) { - logger('openssl_verify: ' . openssl_error_string(),LOGGER_NORMAL,LOG_ERR); + while($msg = openssl_error_string()) + logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR); logger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); // provide a backtrace so that we can debug key issues if(version_compare(PHP_VERSION, '5.4.0') >= 0) { @@ -256,6 +257,7 @@ function pkcs1_encode($Modulus,$PublicExponent) { } +// http://stackoverflow.com/questions/27568570/how-to-convert-raw-modulus-exponent-to-rsa-public-key-pem-format function metopem($m,$e) { $der = pkcs8_encode($m,$e); $key = DerToPem($der,false); -- cgit v1.2.3 From 6f2ba0c6193a229b3f371de2cae7b314927d4cbb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 22 Mar 2016 19:58:59 -0700 Subject: rewrite the webfinger discovery logic --- include/crypto.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index 3cddc7581..d82ee5114 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -308,11 +308,33 @@ function metorsa($m,$e) { return $key; } + + function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; } + +function convert_salmon_key($key) { + + if(strstr($key,',')) + $rawkey = substr($key,strpos($key,',')+1); + else + $rawkey = substr($key,5); + + $key_info = explode('.',$rawkey); + + $m = base64url_decode($key_info[1]); + $e = base64url_decode($key_info[2]); + + logger('key details: ' . print_r($key_info,true), LOGGER_DATA); + $salmon_key = metopem($m,$e); + return $salmon_key; + +} + + function z_obscure($s) { return json_encode(crypto_encapsulate($s,get_config('system','pubkey'))); } @@ -322,3 +344,4 @@ function z_unobscure($s) { return $s; return crypto_unencapsulate(json_decode($s,true),get_config('system','prvkey')); } + -- cgit v1.2.3 From 6a6dbec0335c43137e4dc5e84b5b188edc57ba10 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 30 Mar 2016 16:33:23 -0700 Subject: issue #319 - NOTE: this does not fix the issue, it only reports it and continues. We need to examine any logger statements that contain 'stack:' as a result of reporting this issue and find and fix the original problem - which is that set_pconfig is being called without a valid $uid. I'm worried that since we will now continue on without throwing a PHP error that nobody will ever notice or find the problem that is causing this. --- include/crypto.php | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'include/crypto.php') diff --git a/include/crypto.php b/include/crypto.php index d82ee5114..d636c6848 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -25,16 +25,7 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(! $verify) { while($msg = openssl_error_string()) logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR); - logger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); - // provide a backtrace so that we can debug key issues - if(version_compare(PHP_VERSION, '5.4.0') >= 0) { - $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); - if($stack) { - foreach($stack as $s) { - logger('stack: ' . basename($s['file']) . ':' . $s['line'] . ':' . $s['function'] . '()',LOGGER_DEBUG,LOG_ERR); - } - } - } + btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); } return $verify; -- cgit v1.2.3