friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
4
7
Fork 3
Code Issues Releases 15 Wiki Activity
Browse Source

until algorithm is sorted, ignore D* verification failures so we can debug the rest

pull/1/head
Friendika 11 years ago
parent
0d9d576aa6
commit
8fa6f49242
3 changed files with 25 additions and 26 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      boot.php
  2. 17
      include/crypto.php
  3. 32
      include/diaspora.php

2
boot.php
Unescape View File

@ -7,7 +7,7 @@ require_once('include/text.php');
require_once("include/pgettext.php");
define ( 'FRIENDIKA_VERSION', '2.2.1077' );
define ( 'FRIENDIKA_VERSION', '2.2.1078' );
define ( 'DFRN_PROTOCOL_VERSION', '2.21' );
define ( 'DB_UPDATE_VERSION', 1081 );

17
include/crypto.php
Unescape View File

@ -3,19 +3,20 @@
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
// supported algorithms are 'sha256', 'sha1'
function rsa_sign($data,$key) {
function rsa_sign($data,$key,$alg = 'sha256') {
$sig = '';
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
openssl_sign($data,$sig,$key,'sha256');
if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256'));
}
else {
if(strlen($key) < 1024 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->setHash($alg);
$rsa->loadKey($key);
$sig = $rsa->sign($data);
}
@ -27,17 +28,17 @@ function rsa_sign($data,$key) {
return $sig;
}
function rsa_verify($data,$sig,$key) {
function rsa_verify($data,$sig,$key,$alg = 'sha256') {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
$verify = openssl_verify($data,$sig,$key,'sha256');
if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
$verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256'));
}
else {
if(strlen($key) <= 300 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->setHash($alg);
$rsa->loadKey($key);
$verify = $rsa->verify($data,$sig);
}

32
include/diaspora.php
Unescape View File

@ -192,7 +192,7 @@ function diaspora_decode($importer,$xml) {
// Add back the 60 char linefeeds
// Diaspora devs: This completely violates the entire principle of salmon magic signatures,
// This completely violates the entire principle of salmon magic signatures,
// which was to have a message signing format that was completely ambivalent to linefeeds
// and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby
// use different linelengths for base64 output.
@ -208,7 +208,7 @@ function diaspora_decode($importer,$xml) {
$encoding = $base->encoding;
$alg = $base->alg;
// Diaspora devs: I can't even begin to tell you how sucky this is. Please read the spec.
// I can't even begin to tell you how sucky this is. Please read the spec.
$signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
@ -231,12 +231,10 @@ function diaspora_decode($importer,$xml) {
}
// Once we have the author URI, go to the web and try to find their public key
// *** or look it up locally ***
// (first this will look it up locally if it is in the fcontact cache)
// This will also convert diaspora public key from pkcs#1 to pkcs#8
logger('mod-diaspora: Fetching key for ' . $author_link );
// Get diaspora public key (pkcs#1) and convert to pkcs#8
$key = get_diaspora_key($author_link);
if(! $key) {
@ -510,9 +508,10 @@ function diaspora_comment($importer,$xml,$msg) {
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) {
logger('diaspora_comment: verification failed.');
return;
// until we figure out what is different about their signing algorithm, accept it
// return;
}
@ -523,9 +522,9 @@ function diaspora_comment($importer,$xml,$msg) {
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) {
logger('diaspora_comment: owner verification failed.');
return;
// return;
}
}
@ -677,9 +676,9 @@ function diaspora_like($importer,$xml,$msg) {
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) {
logger('diaspora_like: verification failed.');
return;
// return;
}
if($parent_author_signature) {
@ -689,9 +688,9 @@ function diaspora_like($importer,$xml,$msg) {
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) {
logger('diaspora_like: owner verification failed.');
return;
// return;
}
}
@ -790,7 +789,6 @@ function diaspora_share($me,$contact) {
$myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
logger('diaspora_share: contact: ' . print_r($contact,true), LOGGER_DATA);
$tpl = get_markup_template('diaspora_share.tpl');
$msg = replace_macros($tpl, array(
'$sender' => $myaddr,
@ -871,7 +869,7 @@ function diaspora_send_followup($item,$owner,$contact) {
else
$signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr;
$authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']));
$authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha1');
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),
@ -939,7 +937,7 @@ function diaspora_send_relay($item,$owner,$contact) {
else
$parent_signed_text = $orig_sign['signed_text'];
$parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']));
$parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha1'));
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),

Write Preview
Loading…
Cancel
Save