Browse Source

Switch to new php-encryption library version

- Remove references to library/ files
- Add namespace to library classes
pull/3888/head
Hypolite Petovan 4 years ago
parent
commit
acd65aade1
  1. 3
      include/items.php
  2. 15
      mod/dfrn_notify.php
  3. 16
      src/Protocol/DFRN.php

3
include/items.php

@ -33,9 +33,6 @@ require_once 'mod/share.php';
require_once 'include/enotify.php';
require_once 'include/group.php';
/// @TODO one day with composer autoloader no more needed
require_once 'library/defuse/php-encryption-1.2.1/Crypto.php';
function construct_verb($item) {
if ($item['verb']) {
return $item['verb'];

15
mod/dfrn_notify.php

@ -11,10 +11,8 @@ use Friendica\Core\Config;
use Friendica\Database\DBM;
use Friendica\Protocol\DFRN;
require_once('include/items.php');
require_once('include/event.php');
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
require_once 'include/items.php';
require_once 'include/event.php';
function dfrn_notify_post(App $a) {
logger(__function__, LOGGER_TRACE);
@ -185,8 +183,8 @@ function dfrn_notify_post(App $a) {
break;
case 2:
try {
$data = Crypto::decrypt(hex2bin($data), $final_key);
} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $final_key);
} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
/*
* Either:
* 1. The ciphertext was modified by the attacker,
@ -196,12 +194,9 @@ function dfrn_notify_post(App $a) {
*/
logger('The ciphertext has been tampered with!');
xml_status(0, 'The ciphertext has been tampered with!');
} catch (Ex\CryptoTestFailed $ex) {
} catch (\Defuse\Crypto\Exception\EnvironmentIsBrokenException $ex) {
logger('Cannot safely perform dencryption');
xml_status(0, 'CryptoTestFailed');
} catch (Ex\CannotPerformOperation $ex) {
logger('Cannot safely perform decryption');
xml_status(0, 'Cannot safely perform decryption');
}
break;
default:

16
src/Protocol/DFRN.php

@ -1296,26 +1296,20 @@ class DFRN
case 2:
// RINO 2 based on php-encryption
try {
$key = Crypto::createNewRandomKey();
} catch (CryptoTestFailed $ex) {
$key = \Defuse\Crypto\Key::createNewRandomKey();
} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
logger('Cannot safely create a key');
return -4;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely create a key');
return -5;
}
try {
$data = Crypto::encrypt($postvars['data'], $key);
} catch (CryptoTestFailed $ex) {
$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $key);
} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
logger('Cannot safely perform encryption');
return -6;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely perform encryption');
return -7;
}
break;
default:
logger("rino: invalid requested verision '$rino_remote_version'");
logger("rino: invalid requested version '$rino_remote_version'");
return -8;
}

Loading…
Cancel
Save