From 5bc7f4a4429afd95fd43966fb92c29b91cebe90e Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 19 Jan 2018 11:25:48 -0500 Subject: [PATCH] Remove RINO2 and RINO3 --- htconfig.php | 5 ++--- mod/admin.php | 2 +- mod/dfrn_notify.php | 44 +------------------------------------ mod/install.php | 2 +- src/Protocol/DFRN.php | 21 ------------------ util/htconfig.vagrant.php | 5 ++--- view/templates/htconfig.tpl | 3 +-- 7 files changed, 8 insertions(+), 74 deletions(-) diff --git a/htconfig.php b/htconfig.php index 86f2d14321..1661dd30ed 100644 --- a/htconfig.php +++ b/htconfig.php @@ -61,10 +61,9 @@ $a->config['system']['maximagesize'] = 800000; $a->config['php_path'] = 'php'; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is set to a non zero value -// set to 0 to disable, 3 to enable +// set to 0 to disable, 1 to enable -$a->config['system']['rino_encrypt'] = 3; +$a->config['system']['rino_encrypt'] = 1; // allowed themes (change this from admin panel after installation) diff --git a/mod/admin.php b/mod/admin.php index ebb5509de0..9c286c11dd 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -1336,7 +1336,7 @@ function admin_page_site(App $a) '$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")], - '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "RINO1 two-ways (deprecated)", 2 => "RINO1 sending/RINO2 receiving (deprectated)", 3 => "RINO3 (experimental)"]], + '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "Enabled"]], '$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")], '$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")], diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 0d7e4bc7ef..9c5aff2ead 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,10 +6,6 @@ * @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf */ -use Defuse\Crypto\Crypto; -use Defuse\Crypto\Exception\EnvironmentIsBrokenException; -use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException; -use Defuse\Crypto\Key; use Friendica\App; use Friendica\Core\Config; use Friendica\Database\DBM; @@ -176,54 +172,16 @@ function dfrn_notify_post(App $a) { case 0: case 1: /* - *we got a key. old code send only the key, without RINO version. + * we got a key. old code send only the key, without RINO version. * we assume RINO 1 if key and no RINO version */ $data = DFRN::aesDecrypt(hex2bin($data), $final_key); break; - case 2: - try { - $data = Crypto::legacyDecrypt(hex2bin($data), $final_key); - } catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT - /* - * Either: - * 1. The ciphertext was modified by the attacker, - * 2. The key is wrong, or - * 3. $ciphertext is not a valid ciphertext or was corrupted. - * Assume the worst. - */ - logger('The ciphertext has been tampered with!'); - xml_status(0, 'The ciphertext has been tampered with!'); - } catch (EnvironmentIsBrokenException $ex) { - logger('Cannot safely perform decryption'); - xml_status(0, 'Environment is broken'); - } - break; - case 3: - $KeyObject = Key::loadFromAsciiSafeString($final_key); - try { - $data = Crypto::decrypt(hex2bin($data), $KeyObject); - } catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT - /* - * Either: - * 1. The ciphertext was modified by the attacker, - * 2. The key is wrong, or - * 3. $ciphertext is not a valid ciphertext or was corrupted. - * Assume the worst. - */ - logger('The ciphertext has been tampered with!'); - xml_status(0, 'The ciphertext has been tampered with!'); - } catch (EnvironmentIsBrokenException $ex) { - logger('Cannot safely perform decryption'); - xml_status(0, 'Environment is broken'); - } - break; default: logger("rino: invalid sent version '$rino_remote'"); xml_status(0, "Invalid sent version '$rino_remote'"); } - logger('rino: decrypted data: ' . $data, LOGGER_DATA); } diff --git a/mod/install.php b/mod/install.php index 2989f7fbea..b39e7c949a 100644 --- a/mod/install.php +++ b/mod/install.php @@ -63,7 +63,7 @@ function install_post(App $a) { $timezone = notags(trim($_POST['timezone'])); $language = notags(trim($_POST['language'])); $adminmail = notags(trim($_POST['adminmail'])); - $rino = 2; + $rino = 1; // connect to db dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index bf662cb1c8..76e8d58564 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -8,9 +8,6 @@ */ namespace Friendica\Protocol; -use Defuse\Crypto\Crypto; -use Defuse\Crypto\Exception\EnvironmentIsBrokenException; -use Defuse\Crypto\Key; use Friendica\App; use Friendica\Content\OEmbed; use Friendica\Core\Config; @@ -1304,23 +1301,6 @@ class DFRN $key = openssl_random_pseudo_bytes(16); $data = self::aesEncrypt($postvars['data'], $key); break; - case 3: - try { - $KeyObject = Key::createNewRandomKey(); - } catch (EnvironmentIsBrokenException $ex) { - logger('Cannot safely create a key'); - return -4; - } - - try { - $data = Crypto::encrypt($postvars['data'], $key); - } catch (EnvironmentIsBrokenException $ex) { - logger('Cannot safely perform encryption'); - return -6; - } - - $key = $KeyObject->saveToAsciiSafeString(); - break; default: logger("rino: invalid requested version '$rino_remote_version'"); return -8; @@ -1331,7 +1311,6 @@ class DFRN //logger('rino: sent key = ' . $key, LOGGER_DEBUG); - if ($dfrn_version >= 2.1) { if (($contact['duplex'] && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) diff --git a/util/htconfig.vagrant.php b/util/htconfig.vagrant.php index 5b50b9f399..d5cb233575 100644 --- a/util/htconfig.vagrant.php +++ b/util/htconfig.vagrant.php @@ -49,10 +49,9 @@ $a->config['php_path'] = '/usr/bin/php'; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is true and the -// PHP mcrypt extension is installed on both systems +// set to 0 to disable, 1 to enable -$a->config['system']['rino_encrypt'] = 3; +$a->config['system']['rino_encrypt'] = 1; // default system theme diff --git a/view/templates/htconfig.tpl b/view/templates/htconfig.tpl index f9771c88da..1ecd9a2b4b 100644 --- a/view/templates/htconfig.tpl +++ b/view/templates/htconfig.tpl @@ -78,8 +78,7 @@ $a->config['max_import_size'] = 200000; $a->config['system']['maximagesize'] = 800000; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is set to a non zero value -// set to 0 to disable, 2 to enable, 1 is deprecated +// set to 0 to disable, 1 to enable $a->config['system']['rino_encrypt'] = {{$rino}};