Add RINO version 3 encrypt/decrypt

- Add legacy decrypt of RINO2 - Add fallback to RINO1 to encrypt
2018-01-18 20:15:26 -05:00 · 2018-01-18 20:15:26 -05:00 · 7af6cc8454
commit 7af6cc8454
parent 6857392067
2 changed files with 47 additions and 22 deletions
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@ -6,6 +6,10 @@
 * @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
 */

+use Defuse\Crypto\Crypto;
+use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
+use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;
+use Defuse\Crypto\Key;
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Database\DBM;
@ -179,8 +183,8 @@ function dfrn_notify_post(App $a) {
 				break;
 			case 2:
 				try {
-					$data = \Crypto::decrypt(hex2bin($data), $final_key);
-				} catch (\InvalidCiphertextException $ex) { // VERY IMPORTANT
+					$data = Crypto::legacyDecrypt(hex2bin($data), $final_key);
+				} catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 					/*
 					 * Either:
 					 *   1. The ciphertext was modified by the attacker,
@ -190,12 +194,28 @@ function dfrn_notify_post(App $a) {
 					 */
 					logger('The ciphertext has been tampered with!');
 					xml_status(0, 'The ciphertext has been tampered with!');
-				} catch (\CryptoTestFailedException $ex) {
-					logger('Cannot safely perform dencryption');
-					xml_status(0, 'CryptoTestFailed');
-				} catch (\CannotPerformOperationException $ex) {
+				} catch (EnvironmentIsBrokenException $ex) {
 					logger('Cannot safely perform decryption');
-					xml_status(0, 'Cannot safely perform decryption');
+					xml_status(0, 'Environment is broken');
+				}
+				break;
+			case 3:
+				$KeyObject = Key::loadFromAsciiSafeString($final_key);
+				try {
+					$data = Crypto::decrypt(hex2bin($data), $KeyObject);
+				} catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
+					/*
+					 * Either:
+					 *   1. The ciphertext was modified by the attacker,
+					 *   2. The key is wrong, or
+					 *   3. $ciphertext is not a valid ciphertext or was corrupted.
+					 * Assume the worst.
+					 */
+					logger('The ciphertext has been tampered with!');
+					xml_status(0, 'The ciphertext has been tampered with!');
+				} catch (EnvironmentIsBrokenException $ex) {
+					logger('Cannot safely perform decryption');
+					xml_status(0, 'Environment is broken');
 				}
 				break;
 			default: