harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable.

Browse Source
This commit is contained in:
friendica
2013-11-20 15:20:12 -08:00
parent f6c41e61ac
commit d7ee552c57
12 changed files with 62 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
include/crypto.php
View File

@@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) {
str_pad($iv,16,"\0")));
}
function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') {
if($alg === 'aes256cbc')
return aes_encapsulate($data,$pubkey);
}
function aes_encapsulate($data,$pubkey) {
if(! $pubkey)
logger('aes_encapsulate: no key. data: ' . $data);
@@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) {
$x = debug_backtrace();
logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true));
}
$result['alg'] = 'aes256cbc';
$result['key'] = base64url_encode($k,true);
openssl_public_encrypt($iv,$i,$pubkey);
$result['iv'] = base64url_encode($i,true);
return $result;
}
function crypto_unencapsulate($data,$prvkey) {
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
if($alg === 'aes256cbc')
return aes_unencapsulate($data,$prvkey);
}
function aes_unencapsulate($data,$prvkey) {
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);

2
include/follow.php
View File

@@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$global_perms = get_perms();
if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) {
$permissions = aes_unencapsulate(array(
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
'key' => $j['permissions']['key'],
'iv' => $j['permissions']['iv']),

26
include/items.php
View File

@@ -644,9 +644,9 @@ function get_item_elements($x) {
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
$key = get_config('system','pubkey');
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
}
@@ -699,9 +699,9 @@ function encode_item($item) {
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
}
if($item['item_restrict'] & ITEM_DELETED) {
@@ -908,9 +908,9 @@ function encode_mail($item) {
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
}
$x['message_id'] = $item['mid'];
@@ -963,10 +963,10 @@ function get_mail_elements($x) {
$arr['mail_flags'] |= MAIL_OBSCURED;
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert();
@@ -1516,9 +1516,9 @@ function item_store($arr,$allow_exec = false) {
$key = get_config('system','pubkey');
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
}
}
@@ -1887,9 +1887,9 @@ function item_store_update($arr,$allow_exec = false) {
$key = get_config('system','pubkey');
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
}
}
@@ -2243,7 +2243,7 @@ function tag_deliver($uid,$item_id) {
if($item['item_flags'] & ITEM_OBSCURED) {
$key = get_config('system','prvkey');
if($item['body'])
$body = aes_unencapsulate(json_decode_plus($item['body']),$key);
$body = crypto_unencapsulate(json_decode_plus($item['body']),$key);
}
else
$body = $item['body'];

16
include/message.php
View File

@@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$key = get_config('system','pubkey');
if($subject)
$subject = json_encode(aes_encapsulate($subject,$key));
$subject = json_encode(crypto_encapsulate($subject,$key));
if($body)
$body = json_encode(aes_encapsulate($body,$key));
$body = json_encode(crypto_encapsulate($body,$key));
@@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$key = get_config('system','prvkey');
if($r[$k]['title'])
$r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key);
$r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key);
if($r[$k]['body'])
$r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key);
$r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key);
}
}
@@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$key = get_config('system','prvkey');
if($messages[$k]['title'])
$messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
if($messages[$k]['body'])
$messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
}
}
@@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$key = get_config('system','prvkey');
if($messages[$k]['title'])
$messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
$messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key);
if($messages[$k]['body'])
$messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
$messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key);
}
}

4
include/text.php
View File

@@ -1010,9 +1010,9 @@ function unobscure(&$item) {
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
$item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
$item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key);
}
}

10
include/zot.php
View File

@@ -82,7 +82,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
// Hush-hush ultra top-secret mode
if($remote_key) {
$data = aes_encapsulate(json_encode($data),$remote_key);
$data = crypto_encapsulate(json_encode($data),$remote_key);
}
return json_encode($data);
@@ -269,7 +269,7 @@ function zot_refresh($them,$channel = null) {
if($channel) {
$global_perms = get_perms();
if($j['permissions']['data']) {
$permissions = aes_unencapsulate(array(
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
'key' => $j['permissions']['key'],
'iv' => $j['permissions']['iv']),
@@ -823,7 +823,7 @@ function zot_fetch($arr) {
'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey')))
);
$datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey']));
$datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey']));
$fetch = zot_zot($url,$datatosend);
$result = zot_import($fetch, $arr['sender']['url']);
@@ -849,7 +849,7 @@ function zot_import($arr, $sender_url) {
}
if(array_key_exists('iv',$data)) {
$data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true);
$data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true);
}
$incoming = $data['pickup'];
@@ -861,7 +861,7 @@ function zot_import($arr, $sender_url) {
$result = null;
if(array_key_exists('iv',$i['notify'])) {
$i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true);
$i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true);
}
logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA);