mail_obscure - AES-256 is way too slow, simplify. Ideally a substitution cipher would be adequate for our requirements.

redmatrix 2015-05-19 02:16:12 -07:00
parent c11b1f8b0d
commit 77e2ef45f0
5 changed files with 29 additions and 35 deletions


@ -1703,11 +1703,10 @@ function diaspora_conversation($importer,$xml,$msg) {
continue; continue;
} }
$key = get_config('system','pubkey');
if($subject) if($subject)
$subject = json_encode(crypto_encapsulate($subject,$key)); $subject = base64url_encode($subject);
if($body) if($body)
$body = json_encode(crypto_encapsulate($body,$key)); $body = base64url_encode($body);
q("insert into mail ( `channel_id`, `convid`, `from_xchan`,`to_xchan`,`title`,`body`,`mail_flags`,`mid`,`parent_mid`,`created`) values ( %d, %d, '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s')", q("insert into mail ( `channel_id`, `convid`, `from_xchan`,`to_xchan`,`title`,`body`,`mail_flags`,`mid`,`parent_mid`,`created`) values ( %d, %d, '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s')",
intval($importer['channel_id']), intval($importer['channel_id']),
@ -1837,9 +1836,9 @@ function diaspora_message($importer,$xml,$msg) {
$key = get_config('system','pubkey'); $key = get_config('system','pubkey');
if($subject) if($subject)
$subject = json_encode(crypto_encapsulate($subject,$key)); $subject = base64url_encode($subject);
if($body) if($body)
$body = json_encode(crypto_encapsulate($body,$key)); $body = base64url_encode($body);
q("insert into mail ( `channel_id`, `convid`, `from_xchan`,`to_xchan`,`title`,`body`,`mail_flags`,`mid`,`parent_mid`,`created`) values ( %d, %d, '%s', '%s', '%s', '%s', '%d','%s','%s','%s')", q("insert into mail ( `channel_id`, `convid`, `from_xchan`,`to_xchan`,`title`,`body`,`mail_flags`,`mid`,`parent_mid`,`created`) values ( %d, %d, '%s', '%s', '%s', '%s', '%d','%s','%s','%s')",
intval($importer['channel_id']), intval($importer['channel_id']),
@ -2861,11 +2860,10 @@ function diaspora_send_mail($item,$owner,$contact) {
); );
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
$key = get_config('system','prvkey'); if($item['title'])
// if($item['title']) $item['title'] = base64url_decode($item['title']);
// $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
if($item['body']) if($item['body'])
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); $item['body'] = base64url_decode($item['body']);
} }
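Review bot: Rows stored before this commit still carry MAIL_OBSCURED together with the JSON produced by `crypto_encapsulate`, yet diaspora_send_mail now runs `base64url_decode` on every flagged title and body, so older mail would presumably decode to garbage unless a conversion of existing rows exists outside this page. The same applies to encode_mail, private_messages_list, private_messages_fetch_message, private_messages_fetch_conversation and unobscure_mail in the other file sections. Base64url is also reversible without any key, so the flag no longer implies confidentiality at rest against anyone who can read the mail table; a comment at each site such as `// MAIL_OBSCURED: base64url only, no key; rows written earlier hold crypto_encapsulate() JSON` would make that explicit. The enclosing functions start and end outside these hunks.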


@ -1399,11 +1399,10 @@ function encode_mail($item) {
$x['encoding'] = 'zot'; $x['encoding'] = 'zot';
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title']) if($item['title'])
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); $item['title'] = base64url_decode($item['title']);
if($item['body']) if($item['body'])
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); $item['body'] = base64url_decode($item['body']);
} }
$x['message_id'] = $item['mid']; $x['message_id'] = $item['mid'];
@ -1455,13 +1454,15 @@ function get_mail_elements($x) {
$key = get_config('system','pubkey'); $key = get_config('system','pubkey');
$arr['mail_flags'] |= MAIL_OBSCURED; $arr['mail_flags'] |= MAIL_OBSCURED;
$arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false); if($arr['body']) {
if($arr['body']) $arr['body'] = base64url_encode($arr['body']);
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);
$arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false); }
if($arr['title'])
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['title']) {
$arr['title'] = base64url_encode($arr['title']);
$arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false);
}
if($arr['created'] > datetime_convert()) if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert(); $arr['created'] = datetime_convert();
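Review bot: In get_mail_elements the new order calls `base64url_encode` before `htmlspecialchars`, so the escaping is applied to the encoded text, which presumably contains no HTML metacharacters, and the incoming title and body are stored unescaped. Once the readers run `base64url_decode`, the original markup comes back raw, whereas the old code escaped before encapsulating. Swap the two calls in both branches: `$arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);` followed by `$arr['body'] = base64url_encode($arr['body']);`, and the same for `$arr['title']`. The `$key = get_config('system','pubkey');` line kept above has no remaining use in the visible lines. The function body starts and ends outside the hunk.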


@ -163,11 +163,10 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$jattach = (($attachments) ? json_encode($attachments) : ''); $jattach = (($attachments) ? json_encode($attachments) : '');
$key = get_config('system','pubkey');
if($subject) if($subject)
$subject = json_encode(crypto_encapsulate($subject,$key)); $subject = base64url_encode($subject);
if($body) if($body)
$body = json_encode(crypto_encapsulate($body,$key)); $body = base64url_encode($body);
@ -242,6 +241,8 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$where = ''; $where = '';
$limit = ''; $limit = '';
$t0 = dba_timer();
if($numitems) if($numitems)
$limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start); $limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start);
@ -284,11 +285,10 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
$r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
if($r[$k]['mail_flags'] & MAIL_OBSCURED) { if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
$key = get_config('system','prvkey');
if($r[$k]['title']) if($r[$k]['title'])
$r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); $r[$k]['title'] = base64url_decode($r[$k]['title']);
if($r[$k]['body']) if($r[$k]['body'])
$r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); $r[$k]['body'] = base64url_decode($r[$k]['body']);
} }
} }
@ -323,11 +323,10 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$key = get_config('system','prvkey');
if($messages[$k]['title']) if($messages[$k]['title'])
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
if($messages[$k]['body']) if($messages[$k]['body'])
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
} }
} }
@ -411,11 +410,10 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$key = get_config('system','prvkey');
if($messages[$k]['title']) if($messages[$k]['title'])
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
if($messages[$k]['body']) if($messages[$k]['body'])
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
} }
} }
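Review bot: The `$t0 = dba_timer();` line that appears to be added near the top of private_messages_list is unrelated to the obscuring change, and no read of `$t0` is visible in the hunk. If it is leftover profiling it should be dropped; if it is kept, a comment such as `// profiling: start time for the mail list query` would say why it is there. The function continues outside the hunk, so a later use cannot be ruled out from this page.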


@ -1198,11 +1198,10 @@ function unobscure(&$item) {
function unobscure_mail(&$item) { function unobscure_mail(&$item) {
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title']) if($item['title'])
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); $item['title'] = base64url_decode($item['title']);
if($item['body']) if($item['body'])
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); $item['body'] = base64url_decode($item['body']);
} }
} }


@ -25,7 +25,6 @@ function message_content(&$a) {
$cipher = 'aes256'; $cipher = 'aes256';
$tpl = get_markup_template('mail_head.tpl'); $tpl = get_markup_template('mail_head.tpl');
$header = replace_macros($tpl, array( $header = replace_macros($tpl, array(
'$messages' => t('Messages'), '$messages' => t('Messages'),
@ -49,7 +48,6 @@ function message_content(&$a) {
// private_messages_list() can do other more complicated stuff, for now keep it simple // private_messages_list() can do other more complicated stuff, for now keep it simple
$r = private_messages_list(local_channel(), '', $a->pager['start'], $a->pager['itemspage']); $r = private_messages_list(local_channel(), '', $a->pager['start'], $a->pager['itemspage']);
if(! $r) { if(! $r) {