From 6a7fa6bf5414a89c27f4f7d8da1ad8bb33d7c5a1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 24 Jul 2017 20:23:00 -0700 Subject: provide a keychange operation to rebase an identity on a new keypair --- include/zot.php | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 8bbc4a969..220292994 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3757,6 +3757,50 @@ function zot_reply_message_request($data) { json_return_and_die($ret); } +function zot_rekey_request($sender,$data) { + + $ret = array('success' => false); + + // newsig is newkey signed with oldkey + + // The original xchan will remain. In Zot/Receiver we will have imported the new xchan and hubloc to verify + // the packet authenticity. What we will do now is verify that the keychange operation was signed by the + // oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the + // old xchan_hash. + + if((! $data['oldkey']) && (! $data['oldsig']) && (! $data['newkey']) && (! $data['newsig'])) + json_return_and_die($ret); + + $oldhash = make_xchan_hash($data['old_guid'],$data['old_guid_sig']); + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($oldhash) + ); + + if(! $r) { + json_return_and_die($ret); + } + + $xchan = $r[0]; + + if(! rsa_verify($data['newkey'],base64url_decode($data['newsig']),$xchan['xchan_pubkey'])) { + json_return_and_die($ret); + } + + $newhash = make_xchan_hash($sender['guid'],$sender['guid_sig']); + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($newhash) + ); + + $newxchan = $r[0]; + + xchan_change_key($xchan,$newxchan,$data); + + $ret['success'] = true; + json_return_and_die($ret); +} + function zotinfo($arr) { -- cgit v1.2.3 From ddecbf052eabe92f61091bcd2541190b1037e466 Mon Sep 17 00:00:00 2001 
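Review bot: The guard `if((! $data['oldkey']) && (! $data['oldsig']) && (! $data['newkey']) && (! $data['newsig']))` only rejects a packet in which every field is absent, so a request missing any one of them still reaches make_xchan_hash and rsa_verify with null arguments; since all four are required the conjunction should be a disjunction, `if((! $data['oldkey']) || (! $data['oldsig']) || (! $data['newkey']) || (! $data['newsig']))`. Further down `$newxchan = $r[0];` is read without the `if(! $r)` check that the old-hash lookup has. The signature check proves the old key endorses `$data['newkey']`, but nothing visible compares `$data['newkey']` with `$newxchan['xchan_pubkey']` before xchan_change_key migrates to the sender's xchan; unless xchan_change_key performs that comparison, add `if($newxchan['xchan_pubkey'] !== $data['newkey']) json_return_and_die($ret);` (assuming both hold the same PEM form) so the verified key is the one the identity is rebased onto.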
From: zotlabs Date: Mon, 24 Jul 2017 22:45:50 -0700 Subject: new field names did not get saved --- include/zot.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 220292994..33cf1d40d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3768,7 +3768,7 @@ function zot_rekey_request($sender,$data) { // oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the // old xchan_hash. - if((! $data['oldkey']) && (! $data['oldsig']) && (! $data['newkey']) && (! $data['newsig'])) + if((! $data['old_key']) && (! $data['new_key']) && (! $data['new_sig'])) json_return_and_die($ret); $oldhash = make_xchan_hash($data['old_guid'],$data['old_guid_sig']); @@ -3783,7 +3783,7 @@ function zot_rekey_request($sender,$data) { $xchan = $r[0]; - if(! rsa_verify($data['newkey'],base64url_decode($data['newsig']),$xchan['xchan_pubkey'])) { + if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) { json_return_and_die($ret); } -- cgit v1.2.3 From c24cfbc62af111f18576cfde8e4e920e66c57ff5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 15:59:58 -0700 Subject: make signing methods variable and signable --- include/zot.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 33cf1d40d..f9682237e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -122,7 +122,8 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot ], 'callback' => '/post', 'version' => ZOT_REVISION, - 'encryption' => crypto_methods() + 'encryption' => crypto_methods(), + 'signing' => signing_methods() ]; if ($recipients) { -- cgit v1.2.3 From 029cf6395dc1da503ebda7718cae30a8c19de691 Mon Sep 17 00:00:00 2001 
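Review bot: The renamed check still joins the three tests with `&&`, so it only fails when old_key, new_key and new_sig are all missing rather than when any one of them is; use `||`. The old signature field was dropped along with the rename, so `old_key` is now read by the guard but nothing in the visible hunks verifies or uses it — if it is genuinely unused, drop it from the guard, otherwise document what it is required for.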
From: zotlabs Date: Tue, 25 Jul 2017 17:58:46 -0700 Subject: sync key changes to clones --- include/zot.php | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 108 insertions(+), 6 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index f9682237e..a86948ef9 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2949,6 +2949,11 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if($packet) logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); + $keychange = (($packet && array_key_exists('keychange',$packet)) ? true : false); + if($keychange) { + logger('keychange sync'); + } + if(! $uid) $uid = local_channel(); @@ -2962,6 +2967,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { return; $channel = $r[0]; + unset($channel['channel_password']); unset($channel['channel_salt']); @@ -2972,12 +2978,11 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { } } - if(intval($channel['channel_removed'])) return; $h = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash = '%s' and hubloc_deleted = 0", - dbesc($channel['channel_hash']) + dbesc(($keychange) ? $packet['keychange']['old_hash'] : $channel['channel_hash']) ); if(! $h) @@ -3032,7 +3037,15 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { // don't pass these elements, they should not be synchronised - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address','channel_deleted','channel_removed','channel_system'); + + $disallowed = [ + 'channel_id','channel_account_id','channel_primary','channel_address', + 'channel_deleted','channel_removed','channel_system' + ]; + + if(! $keychange) { + $disallowed[] = 'channel_prvkey'; + } if(in_array($k,$disallowed)) continue; 
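Review bot: `$keychange = (($packet && array_key_exists('keychange',$packet)) ? true : false);` spells a boolean out through a ternary and, if `$packet` is a non-array truthy value, passes it to array_key_exists; `$keychange = (is_array($packet) && array_key_exists('keychange',$packet));` says the same thing directly and guards the type. The `logger('keychange sync')` line has no log level argument while the packet dump a few lines above uses LOGGER_DATA/LOG_DEBUG, so it will land in the default log category — confirm that is intended.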
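Review bot: Dropping `channel_prvkey` from `$disallowed` when `$keychange` is set means the sync packet now carries the channel's private key, and nothing at this point records that intent; add a comment above the `if(! $keychange)` block such as `// keychange: clones need the new private key, so it is deliberately included; this packet must only ever be delivered encrypted`. The hunk does not show how the packet is encapsulated (that happens later in build_sync_packet, outside the hunk), so it is worth confirming the keychange path cannot fall through to a plaintext delivery when a recipient hub advertises no site_crypto. `$disallowed` also appears to be rebuilt on every iteration of the field loop it sits in; hoisting it above the foreach would be clearer and cheaper.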
@@ -3092,17 +3105,18 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { function process_channel_sync_delivery($sender, $arr, $deliveries) { - require_once('include/import.php'); /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ - $result = array(); + $result = []; + + $keychange = ((array_key_exists('keychange',$arr)) ? true : false); foreach ($deliveries as $d) { $r = q("select * from channel where channel_hash = '%s' limit 1", - dbesc($d['hash']) + dbesc(($keychange) ? $arr['keychange']['old_hash'] : $d['hash']) ); if (! $r) { 
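Review bot: With `$keychange` set, the channel to rewrite is selected by `$arr['keychange']['old_hash']` from the incoming packet rather than by the delivery's `$d['hash']`, so the remote side names the local channel record whose keys are about to be replaced, and the only thing tying the two together is the signature check in the following hunk. `$arr['keychange']` is tested with array_key_exists only, not is_array, so a malformed packet reaches the `q()` call with a null hash. Suggest `$keychange = (array_key_exists('keychange',$arr) && is_array($arr['keychange']) && isset($arr['keychange']['old_hash']));`, and if the delivery hash and old_hash are expected to agree, rejecting the delivery when `$arr['keychange']['old_hash'] !== $d['hash']`. process_channel_sync_delivery continues beyond the hunk.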
@@ -3121,6 +3135,94 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { continue; } + if($keychange) { + // verify the keychange operation + if(! rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) { + logger('sync keychange: verification failed'); + continue; + } + + $sig = base64url_encode(rsa_sign($channel['channel_guid'],$arr['channel']['channel_prvkey'])); + $hash = make_xchan_hash($channel['channel_guid'],$sig); + + + $r = q("update channel set channel_prvkey = '%s', channel_pubkey = '%s', channel_guid_sig = '%s', + channel_hash = '%s' where channel_id = %d", + dbesc($arr['channel']['channel_prvkey']), + dbesc($arr['channel']['channel_pubkey']), + dbesc($sig), + dbesc($hash), + intval($channel['channel_id']) + ); + if(! $r) { + logger('keychange sync: channel update failed'); + continue; + } + + $r = q("select * from channel where channel_id = %d", + intval($channel['channel_id']) + ); + + if(! $r) { + logger('keychange sync: channel retrieve failed'); + continue; + } + + $channel = $r[0]; + + $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' ", + dbesc($arr['keychange']['old_hash']), + dbesc(z_root()) + ); + + if($h) { + foreach($h as $hv) { + $hv['hubloc_guid_sig'] = $sig; + $hv['hubloc_hash'] = $hash; + $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])); + hubloc_store_lowlevel($hv); + } + } + + $x = q("select * from xchan where xchan_hash = '%s' ", + dbesc($arr['keychange']['old_hash']) + ); + + $check = q("select * from xchan where xchan_hash = '%s'", + dbesc($hash) + ); + + if(($x) && (! 
$check)) { + $oldxchan = $x[0]; + foreach($x as $xv) { + $xv['xchan_guid_sig'] = $sig; + $xv['xchan_hash'] = $hash; + $xv['xchan_pubkey'] = $channel['channel_pubkey']; + xchan_store_lowlevel($xv); + $newxchan = $xv; + } + } + + $a = q("select * from abook where abook_xchan = '%s' and abook_self = 1", + dbesc($arr['keychange']['old_hash']) + ); + + if($a) { + q("update abook set abook_xchan = '%s' where abook_id = %d", + dbesc($hash), + intval($a[0]['abook_id']) + ); + } + + xchan_change_key($oldxchan,$newxchan,$arr['keychange']); + + // keychange operations can end up in a confused state if you try and sync anything else + // besides the channel keys, so ignore any other packets. + + continue; + } + + if(array_key_exists('config',$arr) && is_array($arr['config']) && count($arr['config'])) { foreach($arr['config'] as $cat => $k) { foreach($arr['config'][$cat] as $k => $v) -- cgit v1.2.3 From 7d82b5f28d3fe10792098d8ecc4c60e224b8bd3d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 22:17:31 -0700 Subject: start to implement the code needed for verifying variable signature algorithms --- include/zot.php | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index a86948ef9..976b4290e 100644 --- a/include/zot.php +++ b/include/zot.php 
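Review bot: `rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])` passes the local private key as the verification key; the comment in zot_rekey_request says new_sig is the new key signed with the old key, so the verifier should be the old public key, `$channel['channel_pubkey']`. Unless rsa_verify extracts the public half from a private PEM this check cannot succeed, and if it does accept the private key the semantics are still wrong and should be made explicit. Separately, `$oldxchan` and `$newxchan` are assigned only inside `if(($x) && (! $check))`, yet `xchan_change_key($oldxchan,$newxchan,$arr['keychange'])` runs unconditionally, so when the new xchan already exists or the old one is missing the call receives undefined variables; wrap the call in the same condition or `continue` with a logger() message when either is unset. The hubloc rewrite loop calls `hubloc_store_lowlevel($hv)` with the full old row including its id — confirm that helper updates rather than inserts, otherwise the old hubloc rows are left in place alongside new ones.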
@@ -111,13 +111,15 @@ function zot_get_hublocs($hash) { */ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) { + $sig_method = get_config('system','signature_algorithm','sha256'); + $data = [ 'type' => $type, 'sender' => [ 'guid' => $channel['channel_guid'], - 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'])), + 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), 'url' => z_root(), - 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)), 'sitekey' => get_config('system','pubkey') ], 'callback' => '/post', @@ -135,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot if ($secret) { $data['secret'] = $secret; - $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); + $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } if ($extra) { @@ -576,6 +578,8 @@ function zot_register_hub($arr) { if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { + $sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]); + $guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash; 
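Review bot: The packet is now signed with the configured `$sig_method`, but the method name is not carried in the packet, so a receiver cannot know which algorithm produced guid_sig and url_sig and, as the zot_register_hub and import_xchan hunks of this same commit show, has to try every advertised method in turn. Sending the method used alongside the signatures (a new entry next to `'signing' => signing_methods()`) would let the receiver verify once with the named algorithm and reject unknown names outright. The signed_token and url_sig lines in the zotinfo hunks of the following commit have the same gap.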
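Review bot: `$sig_methods` is taken straight from the remote `$arr['signing']` array and each entry is later handed to rsa_verify as the method name, so the peer decides which algorithm names this side attempts. Intersect the list with what this site supports before looping, `$sig_methods = array_intersect($sig_methods, signing_methods());` (assuming signing_methods() returns the same list shape that is advertised), and treat an empty result as a verification failure. The same construction appears in the import_xchan hunk of this commit.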
@@ -595,17 +599,18 @@ function zot_register_hub($arr) { * our current communication. */ - if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'])) - && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'])) + foreach($sig_methods as $method) { + if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method)) + && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method)) && ($arr['guid'] === $record['guid']) && ($arr['guid_sig'] === $record['guid_sig'])) { - - $c = import_xchan($record); - if($c['success']) - $result['success'] = true; - } - else { - logger('zot_register_hub: failure to verify returned packet.'); + $c = import_xchan($record); + if($c['success']) + $result['success'] = true; + } + else { + logger('zot_register_hub: failure to verify returned packet using ' . $method); + } } } } @@ -658,8 +663,19 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $import_photos = false; - if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'])) { - logger('import_xchan: Unable to verify channel signature for ' . $arr['address']); + $sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]); + $verified = false; + + foreach($sig_methods as $method) { + if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) { + logger('import_xchan: Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method); + continue; + } + else { + $verified = true; + } + } + if(! $verified) { $ret['message'] = t('Unable to verify channel signature'); return $ret; } 
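Review bot: The foreach over `$sig_methods` keeps iterating after a successful verification, so with more than one advertised method a later one logs `failure to verify returned packet using ...` and can call import_xchan a second time; add `break;` after `$result['success'] = true;`. The else branch now logs on every unsuccessful method, which is the normal case once several methods are advertised, so the message should be emitted once after the loop when nothing verified rather than per attempt.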
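Review bot: In the new import_xchan verification loop `$verified` is never reset, but the loop does not stop on success either, so with two advertised methods one of them always logs `Unable to verify channel signature ... using` even when the other verified; put `break;` where `$verified = true;` is set. The `else` after `continue` is redundant and can be flattened to `$verified = true; break;`. As in zot_register_hub, `$sig_methods` comes unfiltered from the remote `signing` array and should be intersected with the locally supported list before the loop. import_xchan continues beyond the hunk.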
@@ -918,7 +934,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } elseif(! $ud_flags) { // nothing changed but we still need to update the updates record - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) > 0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($address), intval(UPDATE_FLAGS_UPDATED) -- cgit v1.2.3 From 769f697ae32b9c8a2ac30d7e9e349c1f54975219 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Jul 2017 16:36:09 -0700 Subject: more work on signature algorithm choice --- include/zot.php | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 976b4290e..75c37836d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -31,9 +31,9 @@ require_once('include/perm_upgrade.php'); * @param string $channel_nick a unique nickname of controlling entity * @returns string */ + function zot_new_uid($channel_nick) { $rawstr = z_root() . '/' . $channel_nick . '.' . mt_rand(); - return(base64url_encode(hash('whirlpool', $rawstr, true), true)); } @@ -49,6 +49,7 @@ function zot_new_uid($channel_nick) { * @param string $guid * @param string $guid_sig */ + function make_xchan_hash($guid, $guid_sig) { return base64url_encode(hash('whirlpool', $guid . $guid_sig, true)); } 
@@ -62,17 +63,17 @@ function make_xchan_hash($guid, $guid_sig) { * @param string $hash - xchan_hash * @returns array of hubloc (hub location structures) * * \b hubloc_id int - * * \b hubloc_guid char(255) + * * \b hubloc_guid char(191) * * \b hubloc_guid_sig text - * * \b hubloc_hash char(255) - * * \b hubloc_addr char(255) + * * \b hubloc_hash char(191) + * * \b hubloc_addr char(191) * * \b hubloc_flags int * * \b hubloc_status int - * * \b hubloc_url char(255) + * * \b hubloc_url char(191) * * \b hubloc_url_sig text - * * \b hubloc_host char(255) - * * \b hubloc_callback char(255) - * * \b hubloc_connect char(255) + * * \b hubloc_host char(191) + * * \b hubloc_callback char(191) + * * \b hubloc_connect char(191) * * \b hubloc_sitekey text * * \b hubloc_updated datetime * * \b hubloc_connected datetime @@ -97,7 +98,7 @@ function zot_get_hublocs($hash) { * @param array $channel * sender channel structure * @param string $type - * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'force_refresh', 'notify', 'auth_check' + * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'keychange', 'force_refresh', 'notify', 'auth_check' * @param array $recipients * envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts * @param string $remote_key @@ -532,7 +533,7 @@ function zot_gethub($arr, $multiple = false) { } $limit = (($multiple) ? '' : ' limit 1 '); - $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : ''); + $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . dbesc(protect_sprintf($arr['sitekey'])) . "' " : ''); $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_guid = '%s' and hubloc_guid_sig = '%s' 
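Review bot: Wrapping the remote `sitekey` in dbesc() closes the one place in this query where a value was concatenated into the SQL rather than bound through a `%s` placeholder, but the line gives no hint why both escapes are needed; a comment such as `// protect_sprintf() guards the % used by q()'s sprintf expansion, dbesc() guards the quotes` would stop the next editor from removing one of them. Since the fragment is only appended when a sitekey is present, an alternative that avoids concatenation entirely is a second q() variant that binds the sitekey with its own `%s`.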
@@ -3925,6 +3926,8 @@ function zotinfo($arr) { $ret = array('success' => false); + $sig_method = get_config('system','signature_algorithm','sha256'); + $zhash = ((x($arr,'guid_hash')) ? $arr['guid_hash'] : ''); $zguid = ((x($arr,'guid')) ? $arr['guid'] : ''); $zguid_sig = ((x($arr,'guid_sig')) ? $arr['guid_sig'] : ''); @@ -4088,7 +4091,7 @@ function zotinfo($arr) { // Communication details if($token) - $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'])); + $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'],$sig_method)); $ret['guid'] = $e['xchan_guid']; @@ -4157,7 +4160,7 @@ function zotinfo($arr) { $ret['site'] = array(); $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'])); + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'],$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; $dirmode = get_config('system','directory_mode'); @@ -4175,6 +4178,7 @@ function zotinfo($arr) { $ret['site']['encryption'] = crypto_methods(); + $ret['site']['signing'] = signing_methods(); // hide detailed site information if you're off the grid -- cgit v1.2.3 From 68b32cd8f414fc3df1279a3458082b2d8dfc3430 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Sun, 6 Aug 2017 21:40:39 +0200 Subject: consolidate disable_discover_tab config if it was not yet set to either 1 or 0 in DB --- include/zot.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 75c37836d..3e2a66734 100644 --- a/include/zot.php +++ b/include/zot.php 
@@ -1344,8 +1344,10 @@ function public_recips($msg) { $include_sys = false; if($msg['message']['type'] === 'activity') { - if(! get_config('system','disable_discover_tab')) + $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; + if(! $disable_discover_tab) $include_sys = true; + $perm = 'send_stream'; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { -- cgit v1.2.3 From 64cf36a2b5dc314728fbb262471f1dd7b0ad2d96 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 19:25:42 -0700 Subject: lognoise: don't log sync packet contents if there are no clones to receive them --- include/zot.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 3e2a66734..343bc8ad8 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2965,8 +2965,6 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { logger('build_sync_packet'); - if($packet) - logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); $keychange = (($packet && array_key_exists('keychange',$packet)) ? true : false); if($keychange) { @@ -3033,6 +3031,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $env_recips = array(); $env_recips[] = array('guid' => $r[0]['xchan_guid'],'guid_sig' => $r[0]['xchan_guid_sig']); + if($packet) + logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); + $info = (($packet) ? $packet : array()); $info['type'] = 'channel_sync'; $info['encoding'] = 'red'; // note: not zot, this packet is very platform specific -- cgit v1.2.3 From fc62f07a089daf698953e6e4197668fbf8aebef9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 3 Sep 2017 23:50:18 -0700 Subject: validate the security context --- include/zot.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include/zot.php') 
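Review bot: `get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false` performs the same lookup twice and hides the rule (an unset value counts as disabled) behind operator precedence. Fetch once and spell it out: `$x = get_config('system','disable_discover_tab'); $disable_discover_tab = (($x === false) || $x);`, with a comment noting that "not yet set" deliberately maps to "disabled", since that is the behaviour the commit subject describes.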
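Review bot: The relocated `logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG)` still writes the complete packet to the log; build_sync_packet has a keychange path in this series, so it is worth confirming that `$packet` never carries key material at this point, or masking known secret fields before the print_r. A one-line comment stating why the call moved (`// only dump the packet once we know a clone will receive it`) would record the intent the commit subject gives.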
diff --git a/include/zot.php b/include/zot.php index 343bc8ad8..56bd7d212 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4621,6 +4621,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. + // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; -- cgit v1.2.3 From 6147f819ce908d7a52f905658e827c48aad92074 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 17:12:31 -0700 Subject: avoid a security patch and resultant compatibility issues; instead restrict the input characters we accept in token verification strings to hex digits. This will all be changing in the coming weeks/months anyway. --- include/zot.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 56bd7d212..cb213eff3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot } if ($secret) { - $data['secret'] = $secret; + $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } 
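Review bot: `$data['secret']` is now the hex-filtered value but the next line still signs the original `$secret`, so whenever the filter strips anything the transmitted secret and secret_sig no longer match and the receiver's rsa_verify over the secret fails; filter first and sign the same value: `$secret = preg_replace('/[^0-9a-fA-F]/','',$secret); $data['secret'] = $secret;`. The zot_fetch hunk later in this series already does it in that order (filter, then sign the filtered `$secret`), so this hunk should match it. A comment naming why the character set is restricted (the commit message explains it; the code does not) would help the next reader.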
@@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. - // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; -- cgit v1.2.3 From 13788af90838d66b1c701f935862a37fcc7262f4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 19:20:16 -0700 Subject: Zot6: some things that need to be done ahead of time so we can turbocharge the delivery engine and split off site records from channel records. --- include/zot.php | 46 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 11 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index cb213eff3..7443a2dba 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2875,8 +2875,13 @@ function import_site($arr, $pubkey) { $site_directory = DIRECTORY_MODE_NORMAL; } + $site_flags = $site_directory; + + if(array_key_exists('zot',$arr) && ((float) $arr['zot']) >= 6.0) + $site_flags = ($site_flags & ZOT6_COMPLIANT); + if($exists) { - if(($siterecord['site_flags'] != $site_directory) + if(($siterecord['site_flags'] != $site_flags) || ($siterecord['site_access'] != $access_policy) || ($siterecord['site_directory'] != $directory_url) || ($siterecord['site_sellpage'] != $sellpage) 
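Review bot: `$site_flags = ($site_flags & ZOT6_COMPLIANT);` clears every bit of `$site_directory` except those shared with ZOT6_COMPLIANT instead of setting the compliance flag; setting a flag is `$site_flags = ($site_flags | ZOT6_COMPLIANT);`. As written a site reporting zot 6 loses its directory-mode bits in the site_flags written by the update and insert statements of the following hunks. `(float) $arr['zot']` is a remote-supplied value and a non-numeric string silently becomes 0.0, which is safe here but worth a comment. A later commit in this series replaces this block with set_sconfig, so the fix only matters for the intermediate state.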
@@ -2896,7 +2901,7 @@ function import_site($arr, $pubkey) { $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s' where site_url = '%s'", dbesc($site_location), - intval($site_directory), + intval($site_flags), intval($access_policy), dbesc($directory_url), intval($register_policy), @@ -2929,7 +2934,7 @@ function import_site($arr, $pubkey) { 'site_location' => $site_location, 'site_url' => $url, 'site_access' => intval($access_policy), - 'site_flags' => intval($site_directory), + 'site_flags' => intval($site_flags), 'site_update' => datetime_convert(), 'site_directory' => $directory_url, 'site_register' => intval($register_policy), @@ -4161,9 +4166,27 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = array(); + $ret['site'] = zot_site_info($e); + + + check_zotinfo($e,$x,$ret); + + + call_hooks('zot_finger',$ret); + return($ret); + +} + + +function zot_site_info($channel = null) { + + $signing_key = (($channel) ? $channel['channel_prvkey'] : get_config('system','prvkey')); + $sig_method = get_config('system','signature_algorithm','sha256'); + + $ret = []; + $ret['site'] = []; $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'],$sig_method)); + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; $dirmode = get_config('system','directory_mode'); @@ -4182,6 +4205,12 @@ function zotinfo($arr) { $ret['site']['encryption'] = crypto_methods(); $ret['site']['signing'] = signing_methods(); + if(function_exists('zotvi_load')) { + $ret['site']['zot'] = '6.0'; + } + else { + $ret['site']['zot'] = ZOT_REVISION; + } // hide detailed site information if you're off the grid 
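Review bot: `zot_site_info($channel = null)` signs the site URL with `$channel['channel_prvkey']` when a channel is supplied and with the site key otherwise, so `site.url_sig` is produced by different keys depending on the caller while nothing in the block says which; a verifier cannot tell what to check against. Either always sign with the site key or name the signing identity in the block (a later commit in this series takes the first option). The `$ret = []; $ret['site'] = [];` wrapper exists only so the function can `return $ret['site'];` in the next hunk; building a `$site = [];` array and returning it reads better. `$ret['site']['zot'] = '6.0'` hard-codes a version string next to an else branch that uses the `ZOT_REVISION` constant; derive both from one place.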
@@ -4234,15 +4263,10 @@ function zotinfo($arr) { } - check_zotinfo($e,$x,$ret); - - - call_hooks('zot_finger',$ret); - return($ret); + return $ret['site']; } - function check_zotinfo($channel,$locations,&$ret) { -- cgit v1.2.3 From b5966041be46ab7a16dc1ee93b5a07c5461bc73c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 20:40:01 -0700 Subject: more zot6 --- include/zot.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 7443a2dba..c819e26a5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4188,6 +4188,7 @@ function zot_site_info($channel = null) { $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; + $ret['site']['key'] = get_config('system','pubkey'); $dirmode = get_config('system','directory_mode'); if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL)) -- cgit v1.2.3 From 5be132f877f792e7b122a2b6ca18934b31b2f10c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 21:36:59 -0700 Subject: make wiki page mimetype default to wiki mimetype (this was the original intent but the wrong variable was used) --- include/zot.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index c819e26a5..c8321c2ae 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4187,7 +4187,9 @@ function zot_site_info($channel = null) { $ret['site'] = []; $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); - $ret['site']['zot_auth'] = z_root() . '/magic'; + $ret['site']['post'] = z_root() . '/post'; + $ret['site']['openWebAuth'] = z_root() . '/owa'; + $ret['site']['authRedirect'] = z_root() . '/magic'; $ret['site']['key'] = get_config('system','pubkey'); $dirmode = get_config('system','directory_mode'); -- cgit v1.2.3 
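Review bot: Replacing `$ret['site']['zot_auth']` with `$ret['site']['authRedirect']` removes a key from the zotinfo site block that peers on the current release presumably read, and the hunk adds no fallback; keep emitting `$ret['site']['zot_auth'] = z_root() . '/magic';` alongside the new entries until consumers have moved, or document the break. The commit subject describes a wiki mimetype fix and says nothing about the zot.php site-block rename, so the message should mention it.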
From 3456c192feeab9495693e2cbdcff16fe99bff932 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 21 Sep 2017 23:37:13 -0700 Subject: encrypt delivery reports. This will cause a bit of consternation because this is not backward compatible and older sites will see some incorrect delivery reports from newer sites until the next upgrade; as their systems will not know how to read the ecnrypted final reports. --- include/zot.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index c8321c2ae..f03445781 100644 --- a/include/zot.php +++ b/include/zot.php @@ -977,6 +977,18 @@ function zot_process_response($hub, $arr, $outq) { } if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) { + + if(array_key_exists('iv',$x['delivery_report'])) { + $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey')); + if($j) { + $x['delivery_report'] = json_decode($j,true); + } + if(! (is_array($x['delivery_report']) && count($x['delivery_report']))) { + logger('encrypted delivery report could not be decrypted'); + return; + } + } + foreach($x['delivery_report'] as $xx) { if(is_array($xx) && array_key_exists('message_id',$xx) && delivery_report_is_storable($xx)) { q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", 
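Review bot: When `crypto_unencapsulate()` returns an empty result, `$x['delivery_report']` is left holding the encrypted envelope, which is itself a non-empty array, so `if(! (is_array($x['delivery_report']) && count($x['delivery_report'])))` does not fire and the foreach silently walks the envelope's fields instead of reporting the failure. Test the decryption result directly — `if(! $j) { logger('encrypted delivery report could not be decrypted'); return; }` before the json_decode — and treat a null from `json_decode($j,true)` the same way. The report comes from a remote hub, so failing closed on a decode error is the right default here.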
@@ -1048,13 +1060,15 @@ function zot_fetch($arr) { foreach($ret_hubs as $ret_hub) { + $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); + $data = [ 'type' => 'pickup', 'url' => z_root(), 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), 'callback' => z_root() . '/post', - 'secret' => $arr['secret'], - 'secret_sig' => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey'))) + 'secret' => $secret, + 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) ]; $algorithm = zot_best_algorithm($ret_hub['site_crypto']); @@ -1064,8 +1078,11 @@ function zot_fetch($arr) { $result = zot_import($fetch, $arr['sender']['url']); - if($result) + if($result) { + $result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm); return $result; + } + } return; -- cgit v1.2.3 From 1650d79862c0e89887ede279a19c8df07fe0d927 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 24 Sep 2017 19:45:19 -0700 Subject: tagging changes - provides ability to mention a forum by using !forumname as well as the traditional red style (@forumname+). This should probably not be advertised on a wide scale until after a critical mass of sites have updated to a version containing these changes. This adds yet another option type to the ACL module which probably needs refactoring soon since it is turning into option type spaghetti. --- include/zot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index f03445781..1a9692ae9 100644 --- a/include/zot.php +++ b/include/zot.php 
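Review bot: `crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm)` does not check that `json_encode` succeeded, so an encoding failure hands `false` to the encryption routine; use `json_encode($result, JSON_THROW_ON_ERROR)` or test for `false` first. The hubloc query that fills `$ret_hub` is outside the hunk, so confirm `hubloc_sitekey` cannot be empty at this point, otherwise the report is encrypted to nothing the peer can open. The incompatibility with older sites is acknowledged in the commit message; a code comment at the encapsulate line saying so would save the next reader a trip to the history.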
@@ -1432,7 +1432,7 @@ function public_recips($msg) { if($msg['message']['tags']) { if(is_array($msg['message']['tags']) && $msg['message']['tags']) { foreach($msg['message']['tags'] as $tag) { - if(($tag['type'] === 'mention') && (strpos($tag['url'],z_root()) !== false)) { + if(($tag['type'] === 'mention' || $tag['type'] === 'forum') && (strpos($tag['url'],z_root()) !== false)) { $address = basename($tag['url']); if($address) { $z = q("select channel_hash as hash from channel where channel_address = '%s' -- cgit v1.2.3 From 66334374af2a19fb76383028975724b9eda03cf2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 25 Sep 2017 17:30:33 -0700 Subject: zot_site_info - always sign the site block with the site private key --- include/zot.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 1a9692ae9..a9ec95baa 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4183,7 +4183,7 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = zot_site_info($e); + $ret['site'] = zot_site_info(); check_zotinfo($e,$x,$ret); @@ -4195,10 +4195,10 @@ function zotinfo($arr) { } -function zot_site_info($channel = null) { +function zot_site_info() { - $signing_key = (($channel) ? $channel['channel_prvkey'] : get_config('system','prvkey')); - $sig_method = get_config('system','signature_algorithm','sha256'); + $signing_key = get_config('system','prvkey'); + $sig_method = get_config('system','signature_algorithm','sha256'); $ret = []; $ret['site'] = []; -- cgit v1.2.3 From d91a82430ad4ea9def4f0c033df4be34cb26d42e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 25 Sep 2017 20:11:21 -0700 Subject: more zot6 basic stuff --- include/zot.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index a9ec95baa..af7fbf8fd 100644 --- a/include/zot.php +++ b/include/zot.php 
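Review bot: The extended condition keeps `strpos($tag['url'],z_root()) !== false`, which treats any URL that merely contains this site's base URL somewhere in it as local, and the `basename()` of that URL is then used to look up a channel address; a URL on another host with our z_root embedded in its path or query passes, and the new 'forum' type inherits the same weakness. Anchor the test to the start of the string, `strpos($tag['url'], z_root() . '/') === 0`. public_recips continues beyond the hunk.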
@@ -124,7 +124,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
 'sitekey' => get_config('system','pubkey')
 ],
 'callback' => '/post',
- 'version' => ZOT_REVISION,
+ 'version' => Zotlabs\Lib\System::get_zot_revision(),
 'encryption' => crypto_methods(),
 'signing' => signing_methods()
 ];
@@ -2894,8 +2894,9 @@ function import_site($arr, $pubkey) {
 $site_flags = $site_directory;
- if(array_key_exists('zot',$arr) && ((float) $arr['zot']) >= 6.0)
- $site_flags = ($site_flags & ZOT6_COMPLIANT);
+ if(array_key_exists('zot',$arr)) {
+ set_sconfig($arr['url'],'system','zot_version',$arr['zot']);
+ }
 if($exists) {
 if(($siterecord['site_flags'] != $site_flags)
@@ -4225,12 +4226,7 @@ function zot_site_info() {
 $ret['site']['encryption'] = crypto_methods();
 $ret['site']['signing'] = signing_methods();
- if(function_exists('zotvi_load')) {
- $ret['site']['zot'] = '6.0';
- }
- else {
- $ret['site']['zot'] = ZOT_REVISION;
- }
+ $ret['site']['zot'] = Zotlabs\Lib\System::get_zot_revision();
 // hide detailed site information if you're off the grid
-- cgit v1.2.3
From ff8ee6fb2250d2188962f4b27de91b89465cc3d5 Mon Sep 17 00:00:00 2001
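Review bot: `Zotlabs\Lib\System::get_zot_revision()` is spelled inline as a relative namespace path on the changed line, and again in this commit's zot_site_info hunk at 4225; that only resolves because include/zot.php appears to have no namespace declaration, and it would stop resolving the moment one is added. Either import it once at the top of the file with `use Zotlabs\Lib\System;` and call `System::get_zot_revision()`, or write the fully qualified `\Zotlabs\Lib\System::get_zot_revision()` in both places. The `$data` array being built here starts before the hunk.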
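Review bot: In the import_site hunk, `$arr['zot']` is persisted with `set_sconfig($arr['url'],'system','zot_version',$arr['zot'])` exactly as received from the remote site, with no type or format check, whereas the code it replaces at least coerced it with `(float)`. A peer can send an array or any string in that field, which is then stored under its own `$arr['url']` and presumably read back later as a version number, so constrain it first: `if(array_key_exists('zot',$arr) && is_scalar($arr['zot'])) {`. Whether `$arr['url']` has already been tied to `$pubkey` by this point is outside the hunk; import_site continues on both sides of it.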
From: zotlabs
Date: Tue, 10 Oct 2017 22:02:22 -0700
Subject: for federated forums we need to keep track of what protocols are available to red/hubzilla channels to determine which posts need to be mangled for transport to individual networks - based on what networks the author can communicate with. We probably need this for all xchans and hublocs but at some point it becomes increasingly difficult to scrape this information and map out a compatibility matrix. It's also doubtful anybody will use this system because we basically have to forge comments between network sites involving different protocols and this is going to look like crap to anybody that isn't on red/Hubzilla. Eventually they have to fix their protocols for this to work correctly, but nobody seems to believe me that their networks are basically anti-federation, so we need something like this to highlight their walled garden specifications and the resulting federation problems in a form they can't really argue with.
--- include/zot.php | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
(limited to 'include/zot.php')
diff --git a/include/zot.php b/include/zot.php
index af7fbf8fd..b6df6bca8 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -718,6 +718,16 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
 if(intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) $pubforum_changed = 1;
+ if($arr['protocols']) {
+ $protocols = implode(',',$arr['protocols']);
+ if($protocols !== 'zot') {
+ set_xconfig($xchan_hash,'system','protocols',$protocols);
+ }
+ else {
+ del_xconfig($xchan_hash,'system','protocols');
+ }
+ }
+
 if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_addr'] != $arr['address'])
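Review bot: `implode(',',$arr['protocols'])` assumes the remote-supplied `protocols` field is an array; a peer that sends a string (this commit's own zotinfo hunk initially emits `'protocols' => 'zot'`, a string, which the "typo" commit further down corrects) makes `implode` emit a warning and return null, and on PHP 8 it throws a TypeError from a path that runs for every imported xchan. The receiving side should validate the type regardless of what senders do: `if(is_array($arr['protocols']) && $arr['protocols']) {`. Note also that the `del_xconfig` branch runs only when the field is present, so a peer that later omits it keeps a stale `system.protocols` xconfig; if that is intended, a one-line comment saying so would help. import_xchan starts before and continues after this hunk.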
@@ -4035,6 +4045,11 @@ function zotinfo($arr) {
 $id = $e['channel_id'];
+ $x = [ 'channel_id' => $id, 'protocols' => 'zot' ];
+ call_hooks('channel_protocols',$x);
+ $protocols = $x['protocols'];
+
+
 $sys_channel = (intval($e['channel_system']) ? true : false);
 $special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM) ? true : false);
 $adult_channel = (($e['channel_pageflags'] & PAGE_ADULT) ? true : false);
@@ -4135,6 +4150,7 @@ function zotinfo($arr) {
 $ret['target'] = $ztarget;
 $ret['target_sig'] = $zsig;
 $ret['searchable'] = $searchable;
+ $ret['protocols'] = $protocols;
 $ret['adult_content'] = $adult_channel;
 $ret['public_forum'] = $public_forum;
 if($deleted)
-- cgit v1.2.3
From 6acd96fd33038f0e3535af6861d1ba658098abc8 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Wed, 11 Oct 2017 17:52:03 -0700
Subject: typo
--- include/zot.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'include/zot.php')
diff --git a/include/zot.php b/include/zot.php
index b6df6bca8..da1f3bfa1 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -312,6 +312,7 @@ function zot_refresh($them, $channel = null, $force = false) {
 logger('zot_refresh: ' . $url, LOGGER_DATA, LOG_INFO);
+
 $result = z_post_url($url . $rhs,$postvars);
 if ($result['success']) {
@@ -4045,7 +4046,7 @@ function zotinfo($arr) {
 $id = $e['channel_id'];
- $x = [ 'channel_id' => $id, 'protocols' => 'zot' ];
+ $x = [ 'channel_id' => $id, 'protocols' => ['zot'] ];
 call_hooks('channel_protocols',$x);
 $protocols = $x['protocols'];
-- cgit v1.2.3
From cf7481da53d051c385dbff8d813befc34c8f68ef Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Mon, 16 Oct 2017 15:20:45 -0700
Subject: regression in zot site info after zot6 work
--- include/zot.php | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'include/zot.php')
diff --git a/include/zot.php b/include/zot.php
index da1f3bfa1..55632fc31 100644
--- a/include/zot.php
+++ b/include/zot.php
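Review bot: `$protocols = $x['protocols'];` takes back whatever the `channel_protocols` hook handlers left in `$x` without checking its shape, and the value is advertised to every peer, whose `import_xchan` (in this same commit) passes it to `implode()`; a plugin that sets a string or unsets the key would therefore break imports of this channel on every remote hub. A guard after `call_hooks` keeps the advertised value well-formed whatever the hooks do: `$protocols = ((is_array($x['protocols']) && $x['protocols']) ? array_values($x['protocols']) : ['zot']);`. The two added blank lines after it could be collapsed to one. zotinfo continues outside the hunk.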
@@ -4201,8 +4201,7 @@ function zotinfo($arr) {
 if($x) $ret['locations'] = $x;
- $ret['site'] = zot_site_info();
-
+ $ret['site'] = zot_site_info($e['xchan_pubkey']);
 check_zotinfo($e,$x,$ret);
@@ -4213,7 +4212,7 @@ function zotinfo($arr) {
 }
-function zot_site_info() {
+function zot_site_info($channel_key = '') {
 $signing_key = get_config('system','prvkey');
 $sig_method = get_config('system','signature_algorithm','sha256');
@@ -4221,7 +4220,10 @@ function zot_site_info() {
 $ret = [];
 $ret['site'] = [];
 $ret['site']['url'] = z_root();
- $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method));
+ if($channel_key) {
+ $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method));
+ }
+ $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method));
 $ret['site']['post'] = z_root() . '/post';
 $ret['site']['openWebAuth'] = z_root() . '/owa';
 $ret['site']['authRedirect'] = z_root() . '/magic';
-- cgit v1.2.3
From 8c57ed64d08b0ccea08431d97d5510a28aa8a2a7 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 22 Oct 2017 12:35:17 -0700
Subject: wrong key
--- include/zot.php | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'include/zot.php')
diff --git a/include/zot.php b/include/zot.php
index 55632fc31..dad30dbb0 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -361,8 +361,6 @@ function zot_refresh($them, $channel = null, $force = false) {
 else $permissions = $j['permissions'];
- $connected_set = false;
-
 if($permissions && is_array($permissions)) {
 $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream');
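Review bot: The new `$channel_key` parameter in the 4213 hunk is untyped and undocumented, and nothing in its name says it must be a private key, which is exactly the confusion visible at this commit's call site in the 4201 hunk (corrected by the "wrong key" commit below). A docblock on the signature would make the contract explicit: `@param string $channel_key  PEM private key of the channel being described; when non-empty, 'url_sig' is z_root() signed with it, while 'url_site_sig' is always z_root() signed with system.prvkey`. Because the wrong argument did not fail loudly, it would also be worth checking the `rsa_sign` result in the 4221 hunk and omitting `url_sig` when it is empty rather than encoding whatever comes back. `if($channel_key)` is a truthiness test that treats the string `'0'` as absent; `if($channel_key !== '')` matches the `''` default precisely. The remainder of zot_site_info is outside the hunk.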
@@ -4177,7 +4175,7 @@ function zotinfo($arr) {
 if($ztarget_hash) {
 $permissions['connected'] = false;
- $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_pending = 0 limit 1",
 dbesc($ztarget_hash),
 intval($e['channel_id'])
 );
@@ -4201,7 +4199,7 @@ function zotinfo($arr) {
 if($x) $ret['locations'] = $x;
- $ret['site'] = zot_site_info($e['xchan_pubkey']);
+ $ret['site'] = zot_site_info($e['channel_prvkey']);
 check_zotinfo($e,$x,$ret);
-- cgit v1.2.3
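Review bot: The added `and abook_pending = 0` condition is not explained anywhere, and it matters: `$permissions['connected']` is initialised to false just above and presumably governs what the requesting party is told about the connection further down in zotinfo, so a future edit that "simplifies" the query would quietly start reporting unapproved connections as connected. A one-line comment above the query, `// a pending (not yet approved) connection must not be reported as connected`, records the intent. The `if($ztarget_hash)` block and the code consuming `$b` continue outside the hunk.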