Remove RINO2 and RINO3
parent
5db1717f46
commit
5bc7f4a442
7 changed files with 8 additions and 74 deletions
|
@ -61,10 +61,9 @@ $a->config['system']['maximagesize'] = 800000;
|
||||||
$a->config['php_path'] = 'php';
|
$a->config['php_path'] = 'php';
|
||||||
|
|
||||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||||
// Encryption will only be provided if this setting is set to a non zero value
|
// set to 0 to disable, 1 to enable
|
||||||
// set to 0 to disable, 3 to enable
|
|
||||||
|
|
||||||
$a->config['system']['rino_encrypt'] = 3;
|
$a->config['system']['rino_encrypt'] = 1;
|
||||||
|
|
||||||
// allowed themes (change this from admin panel after installation)
|
// allowed themes (change this from admin panel after installation)
|
||||||
|
|
||||||
|
|
|
@ -1336,7 +1336,7 @@ function admin_page_site(App $a)
|
||||||
|
|
||||||
'$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")],
|
'$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")],
|
||||||
|
|
||||||
'$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "RINO1 two-ways (deprecated)", 2 => "RINO1 sending/RINO2 receiving (deprectated)", 3 => "RINO3 (experimental)"]],
|
'$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "Enabled"]],
|
||||||
|
|
||||||
'$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")],
|
'$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")],
|
||||||
'$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")],
|
'$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")],
|
||||||
|
|
|
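Review bot: Nodes that already have `rino_encrypt` stored as 2 or 3 are not handled by the new `$rino` row: `intval(Config::get('system','rino_encrypt'))` still yields 2 or 3 there, and neither value exists in `[0 => "Disabled", 1 => "Enabled"]`. Since 3 was the old default in two of the config hunks on this page, this is probably the common case, and the admin page would presumably show no matching selection while the stale value stays in the configuration. Clamp the value on read, e.g. `min(1, intval(Config::get('system','rino_encrypt')))`, or add a one-time update step that rewrites 2 and 3 to 1, because the config hunks in this commit only change the defaults for fresh installs. The two option labels are also the only strings in this row not passed through `t()`. The body of `admin_page_site` starts and ends outside the hunk.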
@ -6,10 +6,6 @@
|
||||||
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
|
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
|
||||||
*/
|
*/
|
||||||
|
|
||||||
use Defuse\Crypto\Crypto;
|
|
||||||
use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
|
|
||||||
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;
|
|
||||||
use Defuse\Crypto\Key;
|
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
use Friendica\Database\DBM;
|
use Friendica\Database\DBM;
|
||||||
|
@ -176,54 +172,16 @@ function dfrn_notify_post(App $a) {
|
||||||
case 0:
|
case 0:
|
||||||
case 1:
|
case 1:
|
||||||
/*
|
/*
|
||||||
*we got a key. old code send only the key, without RINO version.
|
* we got a key. old code send only the key, without RINO version.
|
||||||
* we assume RINO 1 if key and no RINO version
|
* we assume RINO 1 if key and no RINO version
|
||||||
*/
|
*/
|
||||||
$data = DFRN::aesDecrypt(hex2bin($data), $final_key);
|
$data = DFRN::aesDecrypt(hex2bin($data), $final_key);
|
||||||
break;
|
break;
|
||||||
case 2:
|
|
||||||
try {
|
|
||||||
$data = Crypto::legacyDecrypt(hex2bin($data), $final_key);
|
|
||||||
} catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
|
|
||||||
/*
|
|
||||||
* Either:
|
|
||||||
* 1. The ciphertext was modified by the attacker,
|
|
||||||
* 2. The key is wrong, or
|
|
||||||
* 3. $ciphertext is not a valid ciphertext or was corrupted.
|
|
||||||
* Assume the worst.
|
|
||||||
*/
|
|
||||||
logger('The ciphertext has been tampered with!');
|
|
||||||
xml_status(0, 'The ciphertext has been tampered with!');
|
|
||||||
} catch (EnvironmentIsBrokenException $ex) {
|
|
||||||
logger('Cannot safely perform decryption');
|
|
||||||
xml_status(0, 'Environment is broken');
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
$KeyObject = Key::loadFromAsciiSafeString($final_key);
|
|
||||||
try {
|
|
||||||
$data = Crypto::decrypt(hex2bin($data), $KeyObject);
|
|
||||||
} catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
|
|
||||||
/*
|
|
||||||
* Either:
|
|
||||||
* 1. The ciphertext was modified by the attacker,
|
|
||||||
* 2. The key is wrong, or
|
|
||||||
* 3. $ciphertext is not a valid ciphertext or was corrupted.
|
|
||||||
* Assume the worst.
|
|
||||||
*/
|
|
||||||
logger('The ciphertext has been tampered with!');
|
|
||||||
xml_status(0, 'The ciphertext has been tampered with!');
|
|
||||||
} catch (EnvironmentIsBrokenException $ex) {
|
|
||||||
logger('Cannot safely perform decryption');
|
|
||||||
xml_status(0, 'Environment is broken');
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
logger("rino: invalid sent version '$rino_remote'");
|
logger("rino: invalid sent version '$rino_remote'");
|
||||||
xml_status(0, "Invalid sent version '$rino_remote'");
|
xml_status(0, "Invalid sent version '$rino_remote'");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
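Review bot: The only decryption left in the `switch` is `$data = DFRN::aesDecrypt(hex2bin($data), $final_key);`, and its result is used unchecked, whereas both removed branches ended the request when the ciphertext failed verification. `aesDecrypt` is not shown on this page, so whether it authenticates the ciphertext or can return `false` needs confirming; if it can, a corrupted or altered payload now flows on to the code after the `switch`, including the `logger('rino: decrypted data: ' . $data, LOGGER_DATA)` line. Add a guard directly after the call, starting with `if ($data === false || $data === '') {`, that logs the failure and ends the request through `xml_status` the way the `default:` case does. Peers that still send version 2 or 3 now land in `default:`, which is worth stating in the block comment above the call. The body of `dfrn_notify_post` starts and ends outside the hunk.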
@ -63,7 +63,7 @@ function install_post(App $a) {
|
||||||
$timezone = notags(trim($_POST['timezone']));
|
$timezone = notags(trim($_POST['timezone']));
|
||||||
$language = notags(trim($_POST['language']));
|
$language = notags(trim($_POST['language']));
|
||||||
$adminmail = notags(trim($_POST['adminmail']));
|
$adminmail = notags(trim($_POST['adminmail']));
|
||||||
$rino = 2;
|
$rino = 1;
|
||||||
|
|
||||||
// connect to db
|
// connect to db
|
||||||
dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true);
|
dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true);
|
||||||
|
|
|
@ -8,9 +8,6 @@
|
||||||
*/
|
*/
|
||||||
namespace Friendica\Protocol;
|
namespace Friendica\Protocol;
|
||||||
|
|
||||||
use Defuse\Crypto\Crypto;
|
|
||||||
use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
|
|
||||||
use Defuse\Crypto\Key;
|
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Content\OEmbed;
|
use Friendica\Content\OEmbed;
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
|
@ -1304,23 +1301,6 @@ class DFRN
|
||||||
$key = openssl_random_pseudo_bytes(16);
|
$key = openssl_random_pseudo_bytes(16);
|
||||||
$data = self::aesEncrypt($postvars['data'], $key);
|
$data = self::aesEncrypt($postvars['data'], $key);
|
||||||
break;
|
break;
|
||||||
case 3:
|
|
||||||
try {
|
|
||||||
$KeyObject = Key::createNewRandomKey();
|
|
||||||
} catch (EnvironmentIsBrokenException $ex) {
|
|
||||||
logger('Cannot safely create a key');
|
|
||||||
return -4;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$data = Crypto::encrypt($postvars['data'], $key);
|
|
||||||
} catch (EnvironmentIsBrokenException $ex) {
|
|
||||||
logger('Cannot safely perform encryption');
|
|
||||||
return -6;
|
|
||||||
}
|
|
||||||
|
|
||||||
$key = $KeyObject->saveToAsciiSafeString();
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
logger("rino: invalid requested version '$rino_remote_version'");
|
logger("rino: invalid requested version '$rino_remote_version'");
|
||||||
return -8;
|
return -8;
|
||||||
|
@ -1331,7 +1311,6 @@ class DFRN
|
||||||
|
|
||||||
//logger('rino: sent key = ' . $key, LOGGER_DEBUG);
|
//logger('rino: sent key = ' . $key, LOGGER_DEBUG);
|
||||||
|
|
||||||
|
|
||||||
if ($dfrn_version >= 2.1) {
|
if ($dfrn_version >= 2.1) {
|
||||||
if (($contact['duplex'] && strlen($contact['pubkey']))
|
if (($contact['duplex'] && strlen($contact['pubkey']))
|
||||||
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
|
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
|
||||||
|
|
|
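Review bot: With `case 3` removed, every outgoing RINO key comes from `$key = openssl_random_pseudo_bytes(16);`, and that result goes straight into `self::aesEncrypt` without checking that the call succeeded or that the bytes are cryptographically strong; the removed branch at least aborted with `return -4` when a key could not be created safely. If the project's minimum PHP version allows it, use `$key = random_bytes(16);`, which throws rather than returning weak output. Otherwise pass the second argument and abort when it is false: `$key = openssl_random_pseudo_bytes(16, $strong); if ($key === false || !$strong) { logger('Cannot safely create a key'); return -4; }`. The commented-out `//logger('rino: sent key = ' . $key, LOGGER_DEBUG);` in the last hunk would write the message key to the log if it were ever re-enabled and is better deleted. The enclosing method of `class DFRN` starts and ends outside these hunks.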
@ -49,10 +49,9 @@ $a->config['php_path'] = '/usr/bin/php';
|
||||||
|
|
||||||
|
|
||||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||||
// Encryption will only be provided if this setting is true and the
|
// set to 0 to disable, 1 to enable
|
||||||
// PHP mcrypt extension is installed on both systems
|
|
||||||
|
|
||||||
$a->config['system']['rino_encrypt'] = 3;
|
$a->config['system']['rino_encrypt'] = 1;
|
||||||
|
|
||||||
// default system theme
|
// default system theme
|
||||||
|
|
||||||
|
|
|
@ -78,8 +78,7 @@ $a->config['max_import_size'] = 200000;
|
||||||
$a->config['system']['maximagesize'] = 800000;
|
$a->config['system']['maximagesize'] = 800000;
|
||||||
|
|
||||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||||
// Encryption will only be provided if this setting is set to a non zero value
|
// set to 0 to disable, 1 to enable
|
||||||
// set to 0 to disable, 2 to enable, 1 is deprecated
|
|
||||||
|
|
||||||
$a->config['system']['rino_encrypt'] = {{$rino}};
|
$a->config['system']['rino_encrypt'] = {{$rino}};
|
||||||
|
|
||||||
|
|