Browse Source

RINO 2 based on php-encryption

reenable RINO 1 functions, add a deprecation note.
use by default RINO 2 , with crypto from php-encryption
fallback to RINO 1 for old nodes.
tags/3.4.1^2
Fabrixxm 4 years ago
parent
commit
6fbb02fb93

+ 3
- 2
include/crypto.php View File

@@ -185,8 +185,9 @@ function salmon_key($pubkey) {
185 185
 }
186 186
 
187 187
 
188
-/** disable rino 
188
+
189 189
 if(! function_exists('aes_decrypt')) {
190
+// DEPRECATED IN 3.4.1
190 191
 function aes_decrypt($val,$ky)
191 192
 {
192 193
     $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@@ -200,6 +201,7 @@ function aes_decrypt($val,$ky)
200 201
 
201 202
 
202 203
 if(! function_exists('aes_encrypt')) {
204
+// DEPRECATED IN 3.4.1
203 205
 function aes_encrypt($val,$ky)
204 206
 {
205 207
     $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@@ -210,7 +212,6 @@ function aes_encrypt($val,$ky)
210 212
     $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
211 213
     return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
212 214
 }} 
213
-**/
214 215
 
215 216
 function pkcs5_pad ($text, $blocksize)
216 217
 {

+ 54
- 18
include/items.php View File

@@ -15,6 +15,9 @@ require_once('include/plaintext.php');
15 15
 require_once('include/ostatus.php');
16 16
 require_once('mod/share.php');
17 17
 
18
+require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
19
+
20
+
18 21
 function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
19 22
 
20 23
 
@@ -1982,16 +1985,16 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
1982 1985
 	if($contact['duplex'] && $contact['issued-id'])
1983 1986
 		$idtosend = '1:' . $orig_id;
1984 1987
 
1985
-    /**
1986
-	 * disable rino.
1987
-	$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
1988
-
1989
-	$rino_enable = get_config('system','rino_encrypt');
1990
-
1991
-	if(! $rino_enable)
1988
+    
1989
+	$rino = get_config('system','rino_encrypt');
1990
+	
1991
+	if(! $rino) {
1992 1992
 		$rino = 0;
1993
-    **/
1994
-	$rino = 0; $rino_enable = 0;
1993
+	} else {
1994
+		$rino = 2;
1995
+	}
1996
+   
1997
+
1995 1998
 	
1996 1999
 	$ssl_val = intval(get_config('system','ssl_policy'));
1997 2000
 	$ssl_policy = '';
@@ -2009,7 +2012,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
2009 2012
 			break;
2010 2013
 	}
2011 2014
 
2012
-	$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
2015
+	$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
2013 2016
 
2014 2017
 	logger('dfrn_deliver: ' . $url);
2015 2018
 
@@ -2040,7 +2043,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
2040 2043
 	$challenge    = hex2bin((string) $res->challenge);
2041 2044
 	$perm         = (($res->perm) ? $res->perm : null);
2042 2045
 	$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
2043
-	$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
2046
+	$rino_remote_version = intval($res->rino);
2044 2047
 	$page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
2045 2048
 
2046 2049
 	if($owner['page-flags'] == PAGE_PRVGROUP)
@@ -2101,12 +2104,45 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
2101 2104
 	if($page)
2102 2105
 		$postvars['page'] = $page;
2103 2106
 
2104
-    /** disable rino
2105
-	if($rino && $rino_allowed && (! $dissolve)) {
2106
-		$key = substr(random_string(),0,16);
2107
-		$data = bin2hex(aes_encrypt($postvars['data'],$key));
2108
-		$postvars['data'] = $data;
2109
-		logger('rino: sent key = ' . $key, LOGGER_DEBUG);
2107
+	if($rino>0 && $rino_remote_version>0 && (! $dissolve)) {
2108
+		logger('rino version: '. $rino_remote_version);
2109
+
2110
+		switch($rino_remote_version) {
2111
+			case 1:
2112
+				// Deprecated rino version!
2113
+				$key = substr(random_string(),0,16);
2114
+				$data = aes_encrypt($postvars['data'],$key);
2115
+				break;
2116
+			case 2:
2117
+				// RINO 2 based on php-encryption
2118
+				try {
2119
+					$key = Crypto::createNewRandomKey();
2120
+				} catch (CryptoTestFailed $ex) {
2121
+					logger('Cannot safely create a key');
2122
+					return -1;
2123
+				} catch (CannotPerformOperation $ex) {
2124
+					logger('Cannot safely create a key');
2125
+					return -1; 
2126
+				}
2127
+				try {
2128
+					$data = Crypto::encrypt($postvars['data'], $key);
2129
+				} catch (CryptoTestFailed $ex) {
2130
+					logger('Cannot safely perform encryption');
2131
+					return -1; 
2132
+				} catch (CannotPerformOperation $ex) {
2133
+					logger('Cannot safely perform encryption');
2134
+					return -1; 
2135
+				}
2136
+				break;
2137
+			default:
2138
+				logger("rino: invalid requested verision '$rino_remote_version'");
2139
+				return -1;
2140
+		}
2141
+		
2142
+		$postvars['rino'] = $rino_remote_version;
2143
+		$postvars['data'] = bin2hex($data);
2144
+		
2145
+		#logger('rino: sent key = ' . $key, LOGGER_DEBUG);
2110 2146
 
2111 2147
 
2112 2148
 		if($dfrn_version >= 2.1) {
@@ -2133,7 +2169,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
2133 2169
 
2134 2170
 		$postvars['key'] = bin2hex($postvars['key']);
2135 2171
 	}
2136
-	**/
2172
+	
2137 2173
 
2138 2174
 	logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
2139 2175
 

+ 22
- 0
library/defuse/php-encryption-1.2.1/.travis.yml View File

@@ -0,0 +1,22 @@
1
+language: php
2
+php:
3
+    - "5.6"
4
+    - "5.5"
5
+    - "5.4"
6
+    - "5.3"
7
+    - "5.2"
8
+# Versions below here are not installed on travis-ci
9
+#    - "5.1"
10
+#    - "5.0"
11
+#    - "4.4"
12
+#    - "4.3"
13
+#    - "4.2"
14
+#    - "4.1"
15
+#    - "4.0"
16
+    
17
+matrix:
18
+  allow_failures:
19
+    - php: "5.3"
20
+    - php: "5.2"
21
+
22
+script: ./test.sh

+ 677
- 0
library/defuse/php-encryption-1.2.1/Crypto.php View File

@@ -0,0 +1,677 @@
1
+<?php
2
+
3
+/*
4
+ * PHP Encryption Library
5
+ * Copyright (c) 2014, Taylor Hornby
6
+ * All rights reserved.
7
+ *
8
+ * Redistribution and use in source and binary forms, with or without 
9
+ * modification, are permitted provided that the following conditions are met:
10
+ *
11
+ * 1. Redistributions of source code must retain the above copyright notice, 
12
+ * this list of conditions and the following disclaimer.
13
+ *
14
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
15
+ * this list of conditions and the following disclaimer in the documentation 
16
+ * and/or other materials provided with the distribution.
17
+ *
18
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
19
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
20
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
21
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
22
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
23
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
24
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
25
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
26
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
27
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
28
+ * POSSIBILITY OF SUCH DAMAGE.
29
+ */
30
+
31
+/*
32
+ * Web: https://defuse.ca/secure-php-encryption.htm
33
+ * GitHub: https://github.com/defuse/php-encryption 
34
+ *
35
+ * WARNING: This encryption library is not a silver bullet. It only provides
36
+ * symmetric encryption given a uniformly random key. This means you MUST NOT
37
+ * use an ASCII string like a password as the key parameter, it MUST be
38
+ * a uniformly random key generated by CreateNewRandomKey(). If you want to
39
+ * encrypt something with a password, apply a password key derivation function
40
+ * like PBKDF2 or scrypt with a random salt to generate a key.
41
+ *
42
+ * WARNING: Error handling is very important, especially for crypto code! 
43
+ *
44
+ * How to use this code:
45
+ *
46
+ *     Generating a Key
47
+ *     ----------------
48
+ *       try {
49
+ *           $key = self::CreateNewRandomKey();
50
+ *           // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
51
+ *           // they may leak the key to the attacker through side channels.
52
+ *       } catch (CryptoTestFailedException $ex) {
53
+ *           die('Cannot safely create a key');
54
+ *       } catch (CannotPerformOperationException $ex) {
55
+ *           die('Cannot safely create a key');
56
+ *       }
57
+ *
58
+ *     Encrypting a Message
59
+ *     --------------------
60
+ *       $message = "ATTACK AT DAWN";
61
+ *       try {
62
+ *           $ciphertext = self::Encrypt($message, $key);
63
+ *       } catch (CryptoTestFailedException $ex) {
64
+ *           die('Cannot safely perform encryption');
65
+ *       } catch (CannotPerformOperationException $ex) {
66
+ *           die('Cannot safely perform decryption');
67
+ *       }
68
+ *
69
+ *     Decrypting a Message
70
+ *     --------------------
71
+ *       try {
72
+ *           $decrypted = self::Decrypt($ciphertext, $key);
73
+ *       } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
74
+ *           // Either:
75
+ *           //   1. The ciphertext was modified by the attacker,
76
+ *           //   2. The key is wrong, or
77
+ *           //   3. $ciphertext is not a valid ciphertext or was corrupted.
78
+ *           // Assume the worst.
79
+ *           die('DANGER! DANGER! The ciphertext has been tampered with!');
80
+ *       } catch (CryptoTestFailedException $ex) {
81
+ *           die('Cannot safely perform encryption');
82
+ *       } catch (CannotPerformOperationException $ex) {
83
+ *           die('Cannot safely perform decryption');
84
+ *       }
85
+ */
86
+
87
+/* 
88
+ * Raised by Decrypt() when one of the following conditions are met:
89
+ *  - The key is wrong.
90
+ *  - The ciphertext is invalid or not in the correct format.
91
+ *  - The attacker modified the ciphertext.
92
+ */
93
+class InvalidCiphertextException extends Exception {}
94
+/* If you see these, it means it is NOT SAFE to do encryption on your system. */
95
+class CannotPerformOperationException extends Exception {}
96
+class CryptoTestFailedException extends Exception {}
97
+
98
+final class Crypto
99
+{
100
+    // Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
101
+
102
+    /* DO NOT CHANGE THESE CONSTANTS! 
103
+     *
104
+     * We spent *weeks* testing this code, making sure it is as perfect and
105
+     * correct as possible. Are you going to do the same after making your
106
+     * changes? Probably not. Besides, any change to these constants will break
107
+     * the runtime tests, which are extremely important for your security.
108
+     * You're literally millions of times more likely to screw up your own
109
+     * security by changing something here than you are to fall victim to an
110
+     * 128-bit key brute-force attack. You're also breaking your own
111
+     * compatibility with future updates to this library, so you'll be left
112
+     * vulnerable if we ever find a security bug and release a fix.
113
+     *
114
+     * So, PLEASE, do not change these constants.
115
+     */
116
+    const CIPHER = 'aes-128';
117
+    const KEY_BYTE_SIZE = 16;
118
+    const CIPHER_MODE = 'cbc';
119
+    const HASH_FUNCTION = 'sha256';
120
+    const MAC_BYTE_SIZE = 32;
121
+    const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
122
+    const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
123
+
124
+    /*
125
+     * Use this to generate a random encryption key.
126
+     */
127
+    public static function CreateNewRandomKey()
128
+    {
129
+        self::RuntimeTest();
130
+        return self::SecureRandom(self::KEY_BYTE_SIZE);
131
+    }
132
+
133
+    /*
134
+     * Encrypts a message.
135
+     * $plaintext is the message to encrypt.
136
+     * $key is the encryption key, a value generated by CreateNewRandomKey().
137
+     * You MUST catch exceptions thrown by this function. See docs above.
138
+     */
139
+    public static function Encrypt($plaintext, $key)
140
+    {
141
+        self::RuntimeTest();
142
+
143
+        if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
144
+        {
145
+            throw new CannotPerformOperationException("Bad key.");
146
+        }
147
+
148
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
149
+        
150
+        self::EnsureFunctionExists('openssl_get_cipher_methods');
151
+        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
152
+            throw new CannotPerformOperationException("Cipher method not supported.");
153
+        }
154
+        
155
+        // Generate a sub-key for encryption.
156
+        $keysize = self::KEY_BYTE_SIZE;
157
+        $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
158
+
159
+        // Generate a random initialization vector.
160
+        self::EnsureFunctionExists("openssl_cipher_iv_length");
161
+        $ivsize = openssl_cipher_iv_length($method);
162
+        if ($ivsize === FALSE || $ivsize <= 0) {
163
+            throw new CannotPerformOperationException();
164
+        }
165
+        $iv = self::SecureRandom($ivsize);
166
+
167
+        $ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
168
+
169
+        // Generate a sub-key for authentication and apply the HMAC.
170
+        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
171
+        $auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
172
+        $ciphertext = $auth . $ciphertext;
173
+
174
+        return $ciphertext;
175
+    }
176
+
177
+    /*
178
+     * Decrypts a ciphertext.
179
+     * $ciphertext is the ciphertext to decrypt.
180
+     * $key is the key that the ciphertext was encrypted with.
181
+     * You MUST catch exceptions thrown by this function. See docs above.
182
+     */
183
+    public static function Decrypt($ciphertext, $key)
184
+    {
185
+        self::RuntimeTest();
186
+        
187
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
188
+        
189
+        self::EnsureFunctionExists('openssl_get_cipher_methods');
190
+        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
191
+            throw new CannotPerformOperationException("Cipher method not supported.");
192
+        }
193
+
194
+        // Extract the HMAC from the front of the ciphertext.
195
+        if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
196
+            throw new InvalidCiphertextException();
197
+        }
198
+        $hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
199
+        if ($hmac === FALSE) {
200
+            throw new CannotPerformOperationException();
201
+        }
202
+        $ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
203
+        if ($ciphertext === FALSE) {
204
+            throw new CannotPerformOperationException();
205
+        }
206
+
207
+        // Regenerate the same authentication sub-key.
208
+        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
209
+
210
+        if (self::VerifyHMAC($hmac, $ciphertext, $akey))
211
+        {
212
+            // Regenerate the same encryption sub-key.
213
+            $keysize = self::KEY_BYTE_SIZE;
214
+            $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
215
+
216
+            // Extract the initialization vector from the ciphertext.
217
+            self::EnsureFunctionExists("openssl_cipher_iv_length");
218
+            $ivsize = openssl_cipher_iv_length($method);
219
+            if ($ivsize === FALSE || $ivsize <= 0) {
220
+                throw new CannotPerformOperationException();
221
+            }
222
+            if (self::our_strlen($ciphertext) <= $ivsize) {
223
+                throw new InvalidCiphertextException();
224
+            }
225
+            $iv = self::our_substr($ciphertext, 0, $ivsize);
226
+            if ($iv === FALSE) {
227
+                throw new CannotPerformOperationException();
228
+            }
229
+            $ciphertext = self::our_substr($ciphertext, $ivsize);
230
+            if ($ciphertext === FALSE) {
231
+                throw new CannotPerformOperationException();
232
+            }
233
+            
234
+            $plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
235
+
236
+            return $plaintext;
237
+        }
238
+        else
239
+        {
240
+            /*
241
+             * We throw an exception instead of returning FALSE because we want
242
+             * a script that doesn't handle this condition to CRASH, instead
243
+             * of thinking the ciphertext decrypted to the value FALSE.
244
+             */
245
+             throw new InvalidCiphertextException();
246
+        }
247
+    }
248
+
249
+    /*
250
+     * Runs tests.
251
+     * Raises CannotPerformOperationException or CryptoTestFailedException if
252
+     * one of the tests fail. If any tests fails, your system is not capable of
253
+     * performing encryption, so make sure you fail safe in that case.
254
+     */
255
+    public static function RuntimeTest()
256
+    {
257
+        // 0: Tests haven't been run yet.
258
+        // 1: Tests have passed.
259
+        // 2: Tests are running right now.
260
+        // 3: Tests have failed.
261
+        static $test_state = 0;
262
+
263
+        if ($test_state === 1 || $test_state === 2) {
264
+            return;
265
+        }
266
+
267
+        try {
268
+            $test_state = 2;
269
+            self::AESTestVector();
270
+            self::HMACTestVector();
271
+            self::HKDFTestVector();
272
+
273
+            self::TestEncryptDecrypt();
274
+            if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
275
+                throw new CryptoTestFailedException();
276
+            }
277
+
278
+            if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
279
+                throw new CryptoTestFailedException();
280
+            }
281
+        } catch (CryptoTestFailedException $ex) {
282
+            // Do this, otherwise it will stay in the "tests are running" state.
283
+            $test_state = 3;
284
+            throw $ex;
285
+        }
286
+
287
+        // Change this to '0' make the tests always re-run (for benchmarking).
288
+        $test_state = 1;
289
+    }
290
+
291
+    /*
292
+     * Never call this method directly!
293
+     */
294
+    private static function PlainEncrypt($plaintext, $key, $iv)
295
+    {
296
+        
297
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
298
+        
299
+        self::EnsureConstantExists("OPENSSL_RAW_DATA");
300
+        self::EnsureFunctionExists("openssl_encrypt");
301
+        $ciphertext = openssl_encrypt(
302
+            $plaintext,
303
+            $method,
304
+            $key,
305
+            OPENSSL_RAW_DATA,
306
+            $iv
307
+        );
308
+        
309
+        if ($ciphertext === false) {
310
+            throw new CannotPerformOperationException();
311
+        }
312
+
313
+        return $ciphertext;
314
+    }
315
+
316
+    /*
317
+     * Never call this method directly!
318
+     */
319
+    private static function PlainDecrypt($ciphertext, $key, $iv)
320
+    {
321
+        
322
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
323
+        
324
+        self::EnsureConstantExists("OPENSSL_RAW_DATA");
325
+        self::EnsureFunctionExists("openssl_encrypt");
326
+        $plaintext = openssl_decrypt(
327
+            $ciphertext,
328
+            $method,
329
+            $key,
330
+            OPENSSL_RAW_DATA,
331
+            $iv
332
+        );
333
+        if ($plaintext === FALSE) {
334
+            throw new CannotPerformOperationException();
335
+        }
336
+        
337
+        return $plaintext;
338
+    }
339
+
340
+    /*
341
+     * Returns a random binary string of length $octets bytes.
342
+     */
343
+    private static function SecureRandom($octets)
344
+    {
345
+        self::EnsureFunctionExists("mcrypt_create_iv");
346
+        $random = mcrypt_create_iv($octets, MCRYPT_DEV_URANDOM);
347
+        if ($random === FALSE) {
348
+            throw new CannotPerformOperationException();
349
+        } else {
350
+            return $random;
351
+        }
352
+    }
353
+
354
+    /*
355
+     * Use HKDF to derive multiple keys from one.
356
+     * http://tools.ietf.org/html/rfc5869
357
+     */
358
+    private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
359
+    {
360
+        // Find the correct digest length as quickly as we can.
361
+        $digest_length = self::MAC_BYTE_SIZE;
362
+        if ($hash != self::HASH_FUNCTION) {
363
+            $digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
364
+        }
365
+
366
+        // Sanity-check the desired output length.
367
+        if (empty($length) || !is_int($length) ||
368
+            $length < 0 || $length > 255 * $digest_length) {
369
+            throw new CannotPerformOperationException();
370
+        }
371
+
372
+        // "if [salt] not provided, is set to a string of HashLen zeroes."
373
+        if (is_null($salt)) {
374
+            $salt = str_repeat("\x00", $digest_length);
375
+        }
376
+
377
+        // HKDF-Extract:
378
+        // PRK = HMAC-Hash(salt, IKM)
379
+        // The salt is the HMAC key.
380
+        $prk = hash_hmac($hash, $ikm, $salt, true);
381
+
382
+        // HKDF-Expand:
383
+
384
+        // This check is useless, but it serves as a reminder to the spec.
385
+        if (self::our_strlen($prk) < $digest_length) {
386
+            throw new CannotPerformOperationException();
387
+        }
388
+
389
+        // T(0) = ''
390
+        $t = '';
391
+        $last_block = '';
392
+        for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
393
+            // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
394
+            $last_block = hash_hmac(
395
+                $hash,
396
+                $last_block . $info . chr($block_index),
397
+                $prk,
398
+                true
399
+            );
400
+            // T = T(1) | T(2) | T(3) | ... | T(N)
401
+            $t .= $last_block;
402
+        }
403
+
404
+        // ORM = first L octets of T
405
+        $orm = self::our_substr($t, 0, $length);
406
+        if ($orm === FALSE) {
407
+            throw new CannotPerformOperationException();
408
+        }
409
+        return $orm;
410
+    }
411
+
412
+    private static function VerifyHMAC($correct_hmac, $message, $key)
413
+    {
414
+        $message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
415
+
416
+        // We can't just compare the strings with '==', since it would make
417
+        // timing attacks possible. We could use the XOR-OR constant-time
418
+        // comparison algorithm, but I'm not sure if that's good enough way up
419
+        // here in an interpreted language. So we use the method of HMACing the 
420
+        // strings we want to compare with a random key, then comparing those.
421
+
422
+        // NOTE: This leaks information when the strings are not the same
423
+        // length, but they should always be the same length here. Enforce it:
424
+        if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
425
+            throw new CannotPerformOperationException();
426
+        }
427
+
428
+        $blind = self::CreateNewRandomKey();
429
+        $message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
430
+        $correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
431
+        return $correct_compare === $message_compare;
432
+    }
433
+
434
+    private static function TestEncryptDecrypt()
435
+    {
436
+        $key = self::CreateNewRandomKey();
437
+        $data = "EnCrYpT EvErYThInG\x00\x00";
438
+
439
+        // Make sure encrypting then decrypting doesn't change the message.
440
+        $ciphertext = self::Encrypt($data, $key);
441
+        try {
442
+            $decrypted = self::Decrypt($ciphertext, $key);
443
+        } catch (InvalidCiphertextException $ex) {
444
+            // It's important to catch this and change it into a 
445
+            // CryptoTestFailedException, otherwise a test failure could trick
446
+            // the user into thinking it's just an invalid ciphertext!
447
+            throw new CryptoTestFailedException();
448
+        }
449
+        if($decrypted !== $data)
450
+        {
451
+            throw new CryptoTestFailedException();
452
+        }
453
+
454
+        // Modifying the ciphertext: Appending a string.
455
+        try {
456
+            self::Decrypt($ciphertext . "a", $key);
457
+            throw new CryptoTestFailedException();
458
+        } catch (InvalidCiphertextException $e) { /* expected */ }
459
+
460
+        // Modifying the ciphertext: Changing an IV byte.
461
+        try {
462
+            $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
463
+            self::Decrypt($ciphertext, $key);
464
+            throw new CryptoTestFailedException();
465
+        } catch (InvalidCiphertextException $e) { /* expected */ }
466
+
467
+        // Decrypting with the wrong key.
468
+        $key = self::CreateNewRandomKey();
469
+        $data = "abcdef";
470
+        $ciphertext = self::Encrypt($data, $key);
471
+        $wrong_key = self::CreateNewRandomKey();
472
+        try {
473
+            self::Decrypt($ciphertext, $wrong_key);
474
+            throw new CryptoTestFailedException();
475
+        } catch (InvalidCiphertextException $e) { /* expected */ }
476
+
477
+        // Ciphertext too small (shorter than HMAC).
478
+        $key = self::CreateNewRandomKey();
479
+        $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
480
+        try {
481
+            self::Decrypt($ciphertext, $key);
482
+            throw new CryptoTestFailedException();
483
+        } catch (InvalidCiphertextException $e) { /* expected */ }
484
+    }
485
+
486
+    private static function HKDFTestVector()
487
+    {
488
+        // HKDF test vectors from RFC 5869
489
+
490
+        // Test Case 1
491
+        $ikm = str_repeat("\x0b", 22);
492
+        $salt = self::hexToBytes("000102030405060708090a0b0c");
493
+        $info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
494
+        $length = 42;
495
+        $okm = self::hexToBytes(
496
+            "3cb25f25faacd57a90434f64d0362f2a" .
497
+            "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
498
+            "34007208d5b887185865"
499
+        );
500
+        $computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
501
+        if ($computed_okm !== $okm) {
502
+            throw new CryptoTestFailedException();
503
+        }
504
+
505
+        // Test Case 7
506
+        $ikm = str_repeat("\x0c", 22);
507
+        $length = 42;
508
+        $okm = self::hexToBytes(
509
+            "2c91117204d745f3500d636a62f64f0a" .
510
+            "b3bae548aa53d423b0d1f27ebba6f5e5" .
511
+            "673a081d70cce7acfc48"
512
+        );
513
+        $computed_okm = self::HKDF("sha1", $ikm, $length);
514
+        if ($computed_okm !== $okm) {
515
+            throw new CryptoTestFailedException();
516
+        }
517
+
518
+    }
519
+
520
+    private static function HMACTestVector()
521
+    {
522
+        // HMAC test vector From RFC 4231 (Test Case 1)
523
+        $key = str_repeat("\x0b", 20);
524
+        $data = "Hi There";
525
+        $correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
526
+        if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
527
+            throw new CryptoTestFailedException();
528
+        }
529
+    }
530
+
531
+    private static function AESTestVector()
532
+    {
533
+        // AES CBC mode test vector from NIST SP 800-38A
534
+        $key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
535
+        $iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
536
+        $plaintext = self::hexToBytes(
537
+            "6bc1bee22e409f96e93d7e117393172a" . 
538
+            "ae2d8a571e03ac9c9eb76fac45af8e51" .
539
+            "30c81c46a35ce411e5fbc1191a0a52ef" .
540
+            "f69f2445df4f9b17ad2b417be66c3710"
541
+        );
542
+        $ciphertext = self::hexToBytes(
543
+            "7649abac8119b246cee98e9b12e9197d" .
544
+            "5086cb9b507219ee95db113a917678b2" .
545
+            "73bed6b8e3c1743b7116e69e22229516" .
546
+            "3ff1caa1681fac09120eca307586e1a7" .
547
+            /* Block due to padding. Not from NIST test vector. 
548
+                Padding Block: 10101010101010101010101010101010
549
+                Ciphertext:    3ff1caa1681fac09120eca307586e1a7
550
+                           (+) 2fe1dab1780fbc19021eda206596f1b7 
551
+                           AES 8cb82807230e1321d3fae00d18cc2012
552
+             
553
+             */
554
+            "8cb82807230e1321d3fae00d18cc2012"
555
+        );
556
+
557
+        $computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
558
+        if ($computed_ciphertext !== $ciphertext) {
559
+            throw new CryptoTestFailedException();
560
+        }
561
+
562
+        $computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
563
+        if ($computed_plaintext !== $plaintext) {
564
+            throw new CryptoTestFailedException();
565
+        }
566
+    }
567
+
568
+    /* WARNING: Do not call this function on secrets. It creates side channels. */
569
+    private static function hexToBytes($hex_string)
570
+    {
571
+        return pack("H*", $hex_string);
572
+    }
573
+
574
+    private static function EnsureConstantExists($name)
575
+    {
576
+        if (!defined($name)) {
577
+            throw new CannotPerformOperationException();
578
+        }
579
+    }
580
+    
581
+    private static function EnsureFunctionExists($name)
582
+    {
583
+        if (!function_exists($name)) {
584
+            throw new CannotPerformOperationException();
585
+        }
586
+    }
587
+
588
+    /*
589
+     * We need these strlen() and substr() functions because when
590
+     * 'mbstring.func_overload' is set in php.ini, the standard strlen() and
591
+     * substr() are replaced by mb_strlen() and mb_substr().
592
+     */
593
+
594
+    private static function our_strlen($str)
595
+    {
596
+        if (function_exists('mb_strlen')) {
597
+            $length = mb_strlen($str, '8bit');
598
+            if ($length === FALSE) {
599
+                throw new CannotPerformOperationException();
600
+            }
601
+            return $length;
602
+        } else {
603
+            return strlen($str);
604
+        }
605
+    }
606
+
607
+    private static function our_substr($str, $start, $length = NULL)
608
+    {
609
+        if (function_exists('mb_substr'))
610
+        {
611
+            // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
612
+            // 5.3, so we have to find the length ourselves.
613
+            if (!isset($length)) {
614
+                if ($start >= 0) {
615
+                    $length = self::our_strlen($str) - $start;
616
+                } else {
617
+                    $length = -$start;
618
+                }
619
+            }
620
+
621
+            return mb_substr($str, $start, $length, '8bit');
622
+        }
623
+
624
+        // Unlike mb_substr(), substr() doesn't accept NULL for length
625
+        if (isset($length)) {
626
+            return substr($str, $start, $length);
627
+        } else {
628
+            return substr($str, $start);
629
+        }
630
+    }
631
+
632
+}
633
+
634
+/*
635
+ * We want to catch all uncaught exceptions that come from the Crypto class,
636
+ * since by default, PHP will leak the key in the stack trace from an uncaught
637
+ * exception. This is a really ugly hack, but I think it's justified.
638
+ *
639
+ * Everything up to handler() getting called should be reliable, so this should
640
+ * reliably suppress the stack traces. The rest is just a bonus so that we don't
641
+ * make it impossible to debug other exceptions.
642
+ *
643
+ * This bit of code was adapted from: http://stackoverflow.com/a/7939492
644
+ */
645
+
646
+class CryptoExceptionHandler
647
+{
648
+    private $rethrow = NULL;
649
+
650
+    public function __construct()
651
+    {
652
+        set_exception_handler(array($this, "handler"));
653
+    }
654
+
655
+    public function handler($ex)
656
+    {
657
+        if (
658
+            $ex instanceof InvalidCiphertextException ||
659
+            $ex instanceof CannotPerformOperationException ||
660
+            $ex instanceof CryptoTestFailedException
661
+        ) {
662
+            echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
663
+        } else {
664
+            /* Re-throw the exception in the destructor. */
665
+            $this->rethrow = $ex;
666
+        }
667
+    }
668
+
669
+    public function __destruct() {
670
+        if ($this->rethrow) {
671
+            throw $this->rethrow;
672
+        }
673
+    }
674
+}
675
+
676
+$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();
677
+

+ 79
- 0
library/defuse/php-encryption-1.2.1/README.md View File

@@ -0,0 +1,79 @@
1
+php-encryption
2
+===============
3
+
4
+This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
5
+
6
+[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
7
+
8
+Implementation
9
+--------------
10
+
11
+Messages are encrypted with AES-128 in CBC mode and are authenticated with
12
+HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
13
+a multiple of the block size. HKDF is used to split the user-provided key into
14
+two keys: one for encryption, and the other for authentication. It is
15
+implemented using the `openssl_` and `hash_hmac` functions.
16
+
17
+Warning
18
+--------
19
+
20
+This is new code, and it hasn't received much review by experts. I have spent
21
+many hours making it as secure as possible (extensive runtime tests, secure
22
+coding practices), and auditing it for problems, but I may have missed some
23
+issues. So be careful. Don't trust it with your life. Check out the open GitHub
24
+issues for a list of known issues. If you find a problem with this library,
25
+please report it by opening a GitHub issue.
26
+
27
+That said, you're probably much better off using this library than any other
28
+encryption library written in PHP. 
29
+
30
+Philosophy
31
+-----------
32
+
33
+This library was created after noticing how much insecure PHP encryption code
34
+there is. I once did a Google search for "php encryption" and found insecure
35
+code or advice on 9 of the top 10 results.
36
+
37
+Encryption is becoming an essential component of modern websites. This library
38
+aims to fulfil a subset of that need: Authenticated symmetric encryption of
39
+short strings, given a random key.
40
+
41
+This library is developed around several core values:
42
+
43
+- Rule #1: Security is prioritized over everything else.
44
+
45
+    > Whenever there is a conflict between security and some other property,
46
+    > security will be favored. For example, the library has runtime tests,
47
+    > which make it slower, but will hopefully stop it from encrypting stuff
48
+    > if the platform it's running on is broken.
49
+
50
+- Rule #2: It should be difficult to misuse the library.
51
+
52
+    > We assume the developers using this library have no experience with
53
+    > cryptography. We only assume that they know that the "key" is something
54
+    > you need to encrypt and decrypt the messages, and that it must be
55
+    > protected. Whenever possible, the library should refuse to encrypt or
56
+    > decrypt messages when it is not being used correctly.
57
+
58
+- Rule #3: The library aims only to be compatible with itself.
59
+
60
+    > Other PHP encryption libraries try to support every possible type of
61
+    > encryption, even the insecure ones (e.g. ECB mode). Because there are so
62
+    > many options, inexperienced developers must make decisions between
63
+    > things like "CBC" mode and "ECB" mode, knowing nothing about either one,
64
+    > which inevitably creates vulnerabilities.
65
+
66
+    > This library will only support one secure mode. A developer using this
67
+    > library will call "encrypt" and "decrypt" not caring about how they are
68
+    > implemented.
69
+
70
+- Rule #4: The library should consist of a single PHP file and nothing more.
71
+
72
+    > Some PHP encryption libraries, like libsodium-php [1], are not
73
+    > straightforward to install and cannot packaged with "just download and
74
+    > extract" applications. This library will always be just one PHP file
75
+    > that you can put in your source tree and require().
76
+
77
+References:
78
+
79
+    [1] https://github.com/jedisct1/libsodium-php

+ 42
- 0
library/defuse/php-encryption-1.2.1/benchmark.php View File

@@ -0,0 +1,42 @@
1
+<?php
2
+
3
+require_once('Crypto.php');
4
+
5
+// Note: By default, the runtime tests are "cached" and not re-executed for
6
+// every call. To disable this, look at the RuntimeTest() function.
7
+
8
+$start = microtime(true);
9
+for ($i = 0; $i < 1000; $i++) {
10
+    $key = Crypto::CreateNewRandomKey();
11
+}
12
+$end = microtime(true);
13
+showResults("CreateNewRandomKey()", $start, $end, 1000);
14
+
15
+$start = microtime(true);
16
+for ($i = 0; $i < 100; $i++) {
17
+    $ciphertext = Crypto::Encrypt(
18
+        str_repeat("A", 1024*1024), 
19
+        str_repeat("B", 16)
20
+    );
21
+}
22
+$end = microtime(true);
23
+showResults("Encrypt(1MB)", $start, $end, 100);
24
+
25
+$start = microtime(true);
26
+for ($i = 0; $i < 1000; $i++) {
27
+    $ciphertext = Crypto::Encrypt(
28
+        str_repeat("A", 1024), 
29
+        str_repeat("B", 16)
30
+    );
31
+}
32
+$end = microtime(true);
33
+showResults("Encrypt(1KB)", $start, $end, 1000);
34
+
35
+function showResults($type, $start, $end, $count)
36
+{
37
+    $time = $end - $start;
38
+    $rate = $count / $time;
39
+    echo "$type: $rate calls/s\n";
40
+}
41
+
42
+?>

+ 20
- 0
library/defuse/php-encryption-1.2.1/composer.json View File

@@ -0,0 +1,20 @@
1
+{
2
+    "name": "defuse/php-encryption",
3
+    "description": "Secure PHP Encryption Library",
4
+    "license": "MIT",
5
+    "keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
6
+    "authors": [
7
+        {
8
+            "name": "Taylor Hornby",
9
+            "email": "havoc@defuse.ca"
10
+        }
11
+    ],
12
+    "autoload": {
13
+        "files": ["Crypto.php"]
14
+    },
15
+    "require": {
16
+        "php":  ">=5.4.0",
17
+        "ext-openssl": "*",
18
+        "ext-mcrypt":  "*"
19
+    }
20
+}

+ 36
- 0
library/defuse/php-encryption-1.2.1/example.php View File

@@ -0,0 +1,36 @@
1
+<?php
2
+require_once('Crypto.php');
3
+  try {
4
+      $key = Crypto::CreateNewRandomKey();
5
+      // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
6
+      // they may leak the key to the attacker through side channels.
7
+  } catch (CryptoTestFailedException $ex) {
8
+      die('Cannot safely create a key');
9
+  } catch (CannotPerformOperationException $ex) {
10
+      die('Cannot safely create a key');
11
+  }
12
+
13
+  $message = "ATTACK AT DAWN";
14
+  try {
15
+      $ciphertext = Crypto::Encrypt($message, $key);
16
+  } catch (CryptoTestFailedException $ex) {
17
+      die('Cannot safely perform encryption');
18
+  } catch (CannotPerformOperationException $ex) {
19
+      die('Cannot safely perform decryption');
20
+  }
21
+
22
+  try {
23
+      $decrypted = Crypto::Decrypt($ciphertext, $key);
24
+  } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
25
+      // Either:
26
+      //   1. The ciphertext was modified by the attacker,
27
+      //   2. The key is wrong, or
28
+      //   3. $ciphertext is not a valid ciphertext or was corrupted.
29
+      // Assume the worst.
30
+      die('DANGER! DANGER! The ciphertext has been tampered with!');
31
+  } catch (CryptoTestFailedException $ex) {
32
+      die('Cannot safely perform encryption');
33
+  } catch (CannotPerformOperationException $ex) {
34
+      die('Cannot safely perform decryption');
35
+  }
36
+?>

+ 30
- 0
library/defuse/php-encryption-1.2.1/test.sh View File

@@ -0,0 +1,30 @@
1
+#!/bin/bash
2
+
3
+echo "Normal"
4
+echo "--------------------------------------------------"
5
+php -d mbstring.func_overload=0 tests/runtime.php
6
+if [ $? -ne 0 ]; then
7
+    echo "FAIL."
8
+    exit 1
9
+fi
10
+echo "--------------------------------------------------"
11
+
12
+echo ""
13
+
14
+echo "Multibyte"
15
+echo "--------------------------------------------------"
16
+php -d mbstring.func_overload=7 tests/runtime.php
17
+if [ $? -ne 0 ]; then
18
+    echo "FAIL."
19
+    exit 1
20
+fi
21
+echo "--------------------------------------------------"
22
+
23
+echo ""
24
+
25
+if [ -z "$(php Crypto.php)" ]; then
26
+    echo "PASS: Crypto.php output is empty."
27
+else
28
+    echo "FAIL: Crypto.php output is not empty."
29
+    exit 1
30
+fi

+ 32
- 0
library/defuse/php-encryption-1.2.1/tests/runtime.php View File

@@ -0,0 +1,32 @@
1
+<?php
2
+
3
+// Set the encoding to something more "challenging."
4
+$ret = mb_internal_encoding('UTF-8');
5
+if ($ret === FALSE) {
6
+    echo "Couldn't set encoding.";
7
+    exit(1);
8
+}
9
+
10
+// Dump out the settings / encoding for future reference.
11
+$val = ini_get("mbstring.func_overload");
12
+echo "Settings: \n";
13
+echo "    func_overload: " . $val . "\n";
14
+echo "    mb_internal_encoding(): " . mb_internal_encoding() . "\n";
15
+
16
+// Perform the tests.
17
+require_once('Crypto.php');
18
+try {
19
+    Crypto::RuntimeTest();
20
+    echo "TEST PASSED!\n";
21
+    exit(0);
22
+} catch (CryptoTestFailedException $ex) {
23
+    echo "TEST FAILED!\n";
24
+    var_dump($ex);
25
+    exit(1);
26
+} catch (CannotPerformOperationException $ex) {
27
+    echo "TEST FAILED\n";
28
+    var_dump($ex);
29
+    exit(1);
30
+}
31
+
32
+?>

+ 43
- 12
mod/dfrn_notify.php View File

@@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc');
4 4
 require_once('include/items.php');
5 5
 require_once('include/event.php');
6 6
 
7
+require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
7 8
 
8 9
 function dfrn_notify_post(&$a) {
9 10
     logger(__function__, LOGGER_TRACE);
@@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) {
12 13
 	$challenge    = ((x($_POST,'challenge'))    ? notags(trim($_POST['challenge'])) : '');
13 14
 	$data         = ((x($_POST,'data'))         ? $_POST['data']                    : '');
14 15
 	$key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
16
+	$rino_remote  = ((x($_POST,'rino'))         ? intval($_POST['rino'])            :  0);
15 17
 	$dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
16 18
 	$perm         = ((x($_POST,'perm'))         ? notags(trim($_POST['perm']))      : 'r');
17 19
 	$ssl_policy   = ((x($_POST,'ssl_policy'))   ? notags(trim($_POST['ssl_policy'])): 'none');
@@ -130,7 +132,7 @@ function dfrn_notify_post(&$a) {
130 132
 	if($importer['page-flags'] == PAGE_SOAPBOX)
131 133
 		xml_status(0);
132 134
 
133
-	/** disable rino
135
+	
134 136
 	if(strlen($key)) {
135 137
 		$rawkey = hex2bin(trim($key));
136 138
 		logger('rino: md5 raw key: ' . md5($rawkey));
@@ -153,11 +155,42 @@ function dfrn_notify_post(&$a) {
153 155
 			}
154 156
 		}
155 157
 
156
-		logger('rino: received key : ' . $final_key);
157
-		$data = aes_decrypt(hex2bin($data),$final_key);
158
+		#logger('rino: received key : ' . $final_key);
159
+		
160
+		switch($rino_remote) {
161
+			case 0:
162
+			case 1:
163
+				// we got a key. old code send only the key, without RINO version.
164
+				// we assume RINO 1 if key and no RINO version
165
+				$data = aes_decrypt(hex2bin($data),$final_key);
166
+				break;
167
+			case 2:
168
+				try {
169
+					$data = Crypto::decrypt(hex2bin($data),$final_key);
170
+				} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
171
+					// Either:
172
+					//   1. The ciphertext was modified by the attacker,
173
+					//   2. The key is wrong, or
174
+					//   3. $ciphertext is not a valid ciphertext or was corrupted.
175
+					// Assume the worst.
176
+					logger('The ciphertext has been tampered with!');
177
+					xml_status(0,'The ciphertext has been tampered with!');
178
+				} catch (Ex\CryptoTestFailed $ex) {
179
+					logger('Cannot safely perform dencryption');
180
+					xml_status(0,'CryptoTestFailed');
181
+				} catch (Ex\CannotPerformOperation $ex) {
182
+					logger('Cannot safely perform decryption');
183
+					xml_status(0,'Cannot safely perform decryption');
184
+				}
185
+				break;
186
+			default:
187
+				logger("rino: invalid sent verision '$rino_remote'");
188
+				xml_status(0);
189
+		}
190
+		
191
+		
158 192
 		logger('rino: decrypted data: ' . $data, LOGGER_DATA);
159 193
 	}
160
-	**/
161 194
 
162 195
 	$ret = local_delivery($importer,$data);
163 196
 	xml_status($ret);
@@ -253,16 +286,14 @@ function dfrn_notify_content(&$a) {
253 286
 		$challenge    = bin2hex($challenge);
254 287
 		$encrypted_id = bin2hex($encrypted_id);
255 288
 
256
-		/**
257
-	     * disable rino.
258
-		$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
259
-
260
-		$rino_enable = get_config('system','rino_encrypt');
289
+		
290
+		$rino = get_config('system','rino_encrypt');
261 291
 
262
-		if(! $rino_enable)
292
+		if(! $rino){
263 293
 			$rino = 0;
264
-		**/
265
-		$rino = 0; $rino_enable = 0;
294
+		} else {
295
+			$rino = 2;
296
+		}
266 297
 		
267 298
 		if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
268 299
 			$perm = 'rw';

Loading…
Cancel
Save