Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable.
This commit is contained in:
friendica
parent
f6c41e61ac
commit
d7ee552c57
10
boot.php
10
boot.php
@ -803,12 +803,6 @@ class App {
|
||||
|
||||
$scheme = $this->scheme;
|
||||
|
||||
// if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
|
||||
// if(intval($this->config['system']['ssl_policy']) === intval(SSL_POLICY_FULL)) {
|
||||
// $scheme = 'https';
|
||||
// }
|
||||
// }
|
||||
|
||||
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
|
||||
return $this->baseurl;
|
||||
}
|
||||
@ -995,6 +989,9 @@ class App {
|
||||
)) . $this->page['htmlhead'];
|
||||
}
|
||||
|
||||
// The following curl functions will go away once we've converted
|
||||
// all instances of (fetch|post)_url() to z_(fetch|post)_url()
|
||||
|
||||
function set_curl_code($code) {
|
||||
$this->curl_code = $code;
|
||||
}
|
||||
@ -1186,7 +1183,6 @@ function is_ajax() {
|
||||
// $_SERVER variables, and synchronising the state of installed plugins.
|
||||
|
||||
|
||||
|
||||
function check_config(&$a) {
|
||||
|
||||
$build = get_config('system','db_version');
|
||||
|
||||
@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) {
|
||||
str_pad($iv,16,"\0")));
|
||||
}
|
||||
|
||||
function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
|
||||
if($alg === 'aes256cbc')
|
||||
return aes_encapsulate($data,$pubkey);
|
||||
|
||||
}
|
||||
|
||||
|
||||
function aes_encapsulate($data,$pubkey) {
|
||||
if(! $pubkey)
|
||||
logger('aes_encapsulate: no key. data: ' . $data);
|
||||
@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) {
|
||||
$x = debug_backtrace();
|
||||
logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true));
|
||||
}
|
||||
$result['alg'] = 'aes256cbc';
|
||||
$result['key'] = base64url_encode($k,true);
|
||||
openssl_public_encrypt($iv,$i,$pubkey);
|
||||
$result['iv'] = base64url_encode($i,true);
|
||||
return $result;
|
||||
}
|
||||
|
||||
function crypto_unencapsulate($data,$prvkey) {
|
||||
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
|
||||
if($alg === 'aes256cbc')
|
||||
return aes_unencapsulate($data,$prvkey);
|
||||
|
||||
}
|
||||
|
||||
|
||||
function aes_unencapsulate($data,$prvkey) {
|
||||
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
|
||||
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);
|
||||
|
||||
@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
|
||||
$global_perms = get_perms();
|
||||
|
||||
if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) {
|
||||
$permissions = aes_unencapsulate(array(
|
||||
$permissions = crypto_unencapsulate(array(
|
||||
'data' => $j['permissions']['data'],
|
||||
'key' => $j['permissions']['key'],
|
||||
'iv' => $j['permissions']['iv']),
|
||||
|
||||
@ -644,9 +644,9 @@ function get_item_elements($x) {
|
||||
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
|
||||
$key = get_config('system','pubkey');
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
|
||||
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
}
|
||||
|
||||
|
||||
@ -699,9 +699,9 @@ function encode_item($item) {
|
||||
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($item['title'])
|
||||
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
if($item['body'])
|
||||
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
}
|
||||
|
||||
if($item['item_restrict'] & ITEM_DELETED) {
|
||||
@ -908,9 +908,9 @@ function encode_mail($item) {
|
||||
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($item['title'])
|
||||
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
if($item['body'])
|
||||
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
}
|
||||
|
||||
$x['message_id'] = $item['mid'];
|
||||
@ -963,10 +963,10 @@ function get_mail_elements($x) {
|
||||
$arr['mail_flags'] |= MAIL_OBSCURED;
|
||||
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
|
||||
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
|
||||
|
||||
if($arr['created'] > datetime_convert())
|
||||
$arr['created'] = datetime_convert();
|
||||
@ -1516,9 +1516,9 @@ function item_store($arr,$allow_exec = false) {
|
||||
$key = get_config('system','pubkey');
|
||||
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
|
||||
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
}
|
||||
|
||||
}
|
||||
@ -1887,9 +1887,9 @@ function item_store_update($arr,$allow_exec = false) {
|
||||
$key = get_config('system','pubkey');
|
||||
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
|
||||
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
}
|
||||
|
||||
}
|
||||
@ -2243,7 +2243,7 @@ function tag_deliver($uid,$item_id) {
|
||||
if($item['item_flags'] & ITEM_OBSCURED) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($item['body'])
|
||||
$body = aes_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
$body = crypto_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
}
|
||||
else
|
||||
$body = $item['body'];
|
||||
|
||||
@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
|
||||
|
||||
$key = get_config('system','pubkey');
|
||||
if($subject)
|
||||
$subject = json_encode(aes_encapsulate($subject,$key));
|
||||
$subject = json_encode(crypto_encapsulate($subject,$key));
|
||||
if($body)
|
||||
$body = json_encode(aes_encapsulate($body,$key));
|
||||
$body = json_encode(crypto_encapsulate($body,$key));
|
||||
|
||||
|
||||
|
||||
@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
|
||||
$key = get_config('system','prvkey');
|
||||
|
||||
if($r[$k]['title'])
|
||||
$r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key);
|
||||
$r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key);
|
||||
if($r[$k]['body'])
|
||||
$r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key);
|
||||
$r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key);
|
||||
}
|
||||
}
|
||||
|
||||
@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
|
||||
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($messages[$k]['title'])
|
||||
$messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
|
||||
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
|
||||
if($messages[$k]['body'])
|
||||
$messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
|
||||
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
|
||||
}
|
||||
}
|
||||
|
||||
@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
|
||||
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($messages[$k]['title'])
|
||||
$messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
|
||||
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
|
||||
if($messages[$k]['body'])
|
||||
$messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
|
||||
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1010,9 +1010,9 @@ function unobscure(&$item) {
|
||||
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($item['title'])
|
||||
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
|
||||
if($item['body'])
|
||||
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -82,7 +82,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
|
||||
// Hush-hush ultra top-secret mode
|
||||
|
||||
if($remote_key) {
|
||||
$data = aes_encapsulate(json_encode($data),$remote_key);
|
||||
$data = crypto_encapsulate(json_encode($data),$remote_key);
|
||||
}
|
||||
|
||||
return json_encode($data);
|
||||
@ -269,7 +269,7 @@ function zot_refresh($them,$channel = null) {
|
||||
if($channel) {
|
||||
$global_perms = get_perms();
|
||||
if($j['permissions']['data']) {
|
||||
$permissions = aes_unencapsulate(array(
|
||||
$permissions = crypto_unencapsulate(array(
|
||||
'data' => $j['permissions']['data'],
|
||||
'key' => $j['permissions']['key'],
|
||||
'iv' => $j['permissions']['iv']),
|
||||
@ -823,7 +823,7 @@ function zot_fetch($arr) {
|
||||
'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey')))
|
||||
);
|
||||
|
||||
$datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey']));
|
||||
$datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey']));
|
||||
|
||||
$fetch = zot_zot($url,$datatosend);
|
||||
$result = zot_import($fetch, $arr['sender']['url']);
|
||||
@ -849,7 +849,7 @@ function zot_import($arr, $sender_url) {
|
||||
}
|
||||
|
||||
if(array_key_exists('iv',$data)) {
|
||||
$data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true);
|
||||
$data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true);
|
||||
}
|
||||
|
||||
$incoming = $data['pickup'];
|
||||
@ -861,7 +861,7 @@ function zot_import($arr, $sender_url) {
|
||||
$result = null;
|
||||
|
||||
if(array_key_exists('iv',$i['notify'])) {
|
||||
$i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true);
|
||||
$i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true);
|
||||
}
|
||||
|
||||
logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA);
|
||||
|
||||
@ -57,9 +57,9 @@ function editpost_content(&$a) {
|
||||
if($itm[0]['item_flags'] & ITEM_OBSCURED) {
|
||||
$key = get_config('system','prvkey');
|
||||
if($itm[0]['title'])
|
||||
$itm[0]['title'] = aes_unencapsulate(json_decode_plus($itm[0]['title']),$key);
|
||||
$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
|
||||
if($itm[0]['body'])
|
||||
$itm[0]['body'] = aes_unencapsulate(json_decode_plus($itm[0]['body']),$key);
|
||||
$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
|
||||
}
|
||||
|
||||
$tpl = get_markup_template("jot.tpl");
|
||||
|
||||
@ -79,7 +79,7 @@ function message_post(&$a) {
|
||||
$global_perms = get_perms();
|
||||
|
||||
if($j['permissions']['data']) {
|
||||
$permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']);
|
||||
$permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']);
|
||||
if($permissions)
|
||||
$permissions = json_decode($permissions);
|
||||
logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
|
||||
|
||||
@ -172,7 +172,7 @@ function post_post(&$a) {
|
||||
*/
|
||||
|
||||
if(array_key_exists('iv',$data)) {
|
||||
$data = aes_unencapsulate($data,get_config('system','prvkey'));
|
||||
$data = crypto_unencapsulate($data,get_config('system','prvkey'));
|
||||
logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA);
|
||||
|
||||
// susceptible to Bleichenbacher's attack
|
||||
@ -312,7 +312,7 @@ function post_post(&$a) {
|
||||
);
|
||||
}
|
||||
}
|
||||
$encrypted = aes_encapsulate(json_encode($ret),$sitekey);
|
||||
$encrypted = crypto_encapsulate(json_encode($ret),$sitekey);
|
||||
json_return_and_die($encrypted);
|
||||
|
||||
/** pickup: end */
|
||||
|
||||
@ -26,7 +26,7 @@ function probe_content(&$a) {
|
||||
$j = json_decode($res['body'],true);
|
||||
}
|
||||
if($j && $j['permissions'] && $j['permissions']['iv'])
|
||||
$j['permissions'] = json_decode(aes_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
|
||||
$j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
|
||||
$o .= str_replace("\n",'<br />',print_r($j,true));
|
||||
$o .= '</pre>';
|
||||
}
|
||||
|
||||
@ -7,6 +7,14 @@ function register_init(&$a) {
|
||||
$result = null;
|
||||
$cmd = ((argc() > 1) ? argv(1) : '');
|
||||
|
||||
// Provide a stored request for somebody desiring a connection
|
||||
// when they first need to register someplace. Once they've
|
||||
// created a channel, we'll try to revive the connection request
|
||||
// and process it.
|
||||
|
||||
if($_REQUEST['connect'])
|
||||
$_SESSION['connect'] = $_REQUEST['connect'];
|
||||
|
||||
switch($cmd) {
|
||||
case 'invite_check.json':
|
||||
$result = check_account_invite($_REQUEST['invite_code']);
|
||||
|
||||
Reference in New Issue
Block a user