harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto updates

Browse Source
This commit is contained in:
zotlabs 2017-04-02 16:44:44 -07:00
parent 95f4f14dca
commit a76ad1478f
3 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
boot.php
View File

@ -619,9 +619,6 @@ function sys_boot() {
define( 'DEFAULT_NOTIFY_ICON', '/images/hz-white-32.png' ); define( 'DEFAULT_NOTIFY_ICON', '/images/hz-white-32.png' );
} }
if(! defined('CRYPTO_ALGORITHM')) {
define( 'CRYPTO_ALGORITHM', 'aes256cbc' );
}
/* /*
* Try to open the database; * Try to open the database;

44
include/crypto.php
View File

@ -55,6 +55,7 @@ function AES256CBC_decrypt($data,$key,$iv) {
return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
} }
function AES128CBC_encrypt($data,$key,$iv) { function AES128CBC_encrypt($data,$key,$iv) {
$key = substr($key,0,16); $key = substr($key,0,16);
$iv = substr($iv,0,16); $iv = substr($iv,0,16);
@ -67,18 +68,33 @@ function AES128CBC_decrypt($data,$key,$iv) {
return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
} }
function STD_encrypt($data,$key,$iv) {
function AES256CTR_encrypt($data,$key,$iv) {
$key = substr($key,0,32); $key = substr($key,0,32);
$iv = substr($iv,0,16); $iv = substr($iv,0,16);
return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
} }
function STD_decrypt($data,$key,$iv) { function AES256CTR_decrypt($data,$key,$iv) {
$key = substr($key,0,32); $key = substr($key,0,32);
$iv = substr($iv,0,16); $iv = substr($iv,0,16);
return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
} }
function CAMELLIA256CFB_encrypt($data,$key,$iv) {
$key = substr($key,0,32);
$iv = substr($iv,0,16);
return openssl_encrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
}
function CAMELLIA256CFB_decrypt($data,$key,$iv) {
$key = substr($key,0,32);
$iv = substr($iv,0,16);
return openssl_decrypt($data,'camellia-256-cfb',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
}
function CAST5CBC_encrypt($data,$key,$iv) { function CAST5CBC_encrypt($data,$key,$iv) {
$key = substr($key,0,16); $key = substr($key,0,16);
$iv = substr($iv,0,8); $iv = substr($iv,0,8);
@ -91,6 +107,20 @@ function CAST5CBC_decrypt($data,$key,$iv) {
return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
} }
function CAST5CFB_encrypt($data,$key,$iv) {
$key = substr($key,0,16);
$iv = substr($iv,0,8);
return openssl_encrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
}
function CAST5CFB_decrypt($data,$key,$iv) {
$key = substr($key,0,16);
$iv = substr($iv,0,8);
return openssl_decrypt($data,'cast5-cfb',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0"));
}
function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
$fn = strtoupper($alg) . '_encrypt'; $fn = strtoupper($alg) . '_encrypt';
@ -142,17 +172,13 @@ function other_encapsulate($data,$pubkey,$alg) {
function crypto_methods() { function crypto_methods() {
if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
return [ 'aes256cbc' ];
// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv.
// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv.
// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
// particular implementation or choice of underlying implementations based on the key/iv length. // particular implementation or choice of underlying implementations based on the key/iv length.
// The actual methods are responsible for deriving the actual key/iv from the provided parameters; // The actual methods are responsible for deriving the actual key/iv from the provided parameters;
// possibly by truncation or segmentation - though many other methods could be used. // possibly by truncation or segmentation - though many other methods could be used.
$r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
call_hooks('crypto_methods',$r); call_hooks('crypto_methods',$r);
return $r; return $r;

3
include/zot.php
View File

@ -165,9 +165,6 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
function zot_best_algorithm($methods) { function zot_best_algorithm($methods) {
if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
return 'aes256cbc';
$x = [ 'methods' => $methods, 'result' => '' ]; $x = [ 'methods' => $methods, 'result' => '' ];
call_hooks('zot_best_algorithm',$x); call_hooks('zot_best_algorithm',$x);
if($x['result']) if($x['result'])