OAEP padding mismatch on some newer encryption methods
parent
a310cb2fbb
commit
b6b4827680
@ -126,11 +126,11 @@ function other_encapsulate($data,$pubkey,$alg) {
|
|||||||
|
|
||||||
if(strpos($alg,'.oaep')) {
|
if(strpos($alg,'.oaep')) {
|
||||||
$oaep = true;
|
$oaep = true;
|
||||||
$alg = substr($alg,0,-5);
|
$subalg = substr($alg,0,-5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$fn = strtoupper($alg) . '_encrypt';
|
$fn = strtoupper($subalg) . '_encrypt';
|
||||||
if(function_exists($fn)) {
|
if(function_exists($fn)) {
|
||||||
|
|
||||||
// A bit hesitant to use openssl_random_pseudo_bytes() as we know
|
// A bit hesitant to use openssl_random_pseudo_bytes() as we know
|
||||||
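Review bot: `$subalg` is assigned only inside the `if(strpos($alg,'.oaep'))` branch, so for an algorithm name without the `.oaep` suffix the new `$fn = strtoupper($subalg) . '_encrypt';` is built from an unset variable and `function_exists('_encrypt')` fails. Control then reaches the hook path, where `'result' => $data` means the caller gets the input back unchanged unless a hook replaces it, which for this function would be the unencrypted payload. Unless `$subalg` is already initialised above this hunk (the function body starts outside it), add `$subalg = $alg;` before the `if`, or an `else { $subalg = $alg; }`. The same unset variable is used in the `-160` hunk (`'alg' => $subalg`) and in both changed lines of `other_unencapsulate`.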
@ -160,7 +160,7 @@ function other_encapsulate($data,$pubkey,$alg) {
|
|||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ];
|
$x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $subalg, 'result' => $data ];
|
||||||
call_hooks('other_encapsulate', $x);
|
call_hooks('other_encapsulate', $x);
|
||||||
return $x['result'];
|
return $x['result'];
|
||||||
}
|
}
|
||||||
@ -215,6 +215,7 @@ function aes_encapsulate($data,$pubkey) {
|
|||||||
function crypto_unencapsulate($data,$prvkey) {
|
function crypto_unencapsulate($data,$prvkey) {
|
||||||
if(! $data)
|
if(! $data)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
|
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
|
||||||
if($alg === 'aes256cbc')
|
if($alg === 'aes256cbc')
|
||||||
return aes_unencapsulate($data,$prvkey);
|
return aes_unencapsulate($data,$prvkey);
|
||||||
@ -229,18 +230,18 @@ function other_unencapsulate($data,$prvkey,$alg) {
|
|||||||
|
|
||||||
if(strpos($alg,'.oaep')) {
|
if(strpos($alg,'.oaep')) {
|
||||||
$oaep = true;
|
$oaep = true;
|
||||||
$alg = substr($alg,0,-5);
|
$subalg = substr($alg,0,-5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$fn = strtoupper($alg) . '_decrypt';
|
$fn = strtoupper($subalg) . '_decrypt';
|
||||||
if(function_exists($fn)) {
|
if(function_exists($fn)) {
|
||||||
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
|
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
|
||||||
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
|
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
|
||||||
return $fn(base64url_decode($data['data']),$k,$i);
|
return $fn(base64url_decode($data['data']),$k,$i);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data ];
|
$x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $subalg, 'result' => $data ];
|
||||||
call_hooks('other_unencapsulate',$x);
|
call_hooks('other_unencapsulate',$x);
|
||||||
return $x['result'];
|
return $x['result'];
|
||||||
}
|
}
|
||||||
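Review bot: The two `openssl_private_decrypt()` calls in this hunk ignore their return value, so when key unwrapping fails (a padding mismatch, for instance) `$k` and `$i` stay unset and are still passed to `$fn(...)`. Check both results and stop with a single failure value before calling `$fn`, for example `if(! openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,$padding)) return false;` with `$padding` computed once from `$oaep`; the right failure value depends on callers not shown here. Keeping that failure identical for every cause also avoids giving the sender a distinguishable padding error on the `OPENSSL_PKCS1_PADDING` branch. Separately, `$fn` is derived from `$alg`, which `crypto_unencapsulate` reads from `$data['alg']`; if that value reaches this function unfiltered (the call is not visible), an explicit allowlist of supported algorithm names would be tighter than `function_exists()`. The function body starts outside the hunk.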
|
@ -1235,8 +1235,6 @@ function zot_fetch($arr) {
|
|||||||
*/
|
*/
|
||||||
function zot_import($arr, $sender_url) {
|
function zot_import($arr, $sender_url) {
|
||||||
|
|
||||||
logger('arr: ' . print_r($arr,true));
|
|
||||||
|
|
||||||
$data = json_decode($arr['body'], true);
|
$data = json_decode($arr['body'], true);
|
||||||
|
|
||||||
if(! $data) {
|
if(! $data) {
|
||||||
@ -5080,7 +5078,6 @@ function zot6_check_sig() {
|
|||||||
if($r) {
|
if($r) {
|
||||||
foreach($r as $hubloc) {
|
foreach($r as $hubloc) {
|
||||||
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
|
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
|
||||||
logger('verified: ' . print_r($verified,true));
|
|
||||||
if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
|
if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
|
||||||
$ret['hubloc'] = $hubloc;
|
$ret['hubloc'] = $hubloc;
|
||||||
$ret['success'] = true;
|
$ret['success'] = true;
|
||||||
|