From 6fbb02fb93ffe8a004a27267cb05e8b9ba24038b Mon Sep 17 00:00:00 2001 From: Fabrixxm Date: Tue, 23 Jun 2015 16:13:09 +0200 Subject: [PATCH] RINO 2 based on php-encryption reenable RINO 1 functions, add a deprecation note. use by default RINO 2 , with crypto from php-encryption fallback to RINO 1 for old nodes. --- include/crypto.php | 5 +- include/items.php | 72 +- .../defuse/php-encryption-1.2.1/.travis.yml | 22 + .../defuse/php-encryption-1.2.1/Crypto.php | 677 ++++++++++++++++++ library/defuse/php-encryption-1.2.1/README.md | 79 ++ .../defuse/php-encryption-1.2.1/benchmark.php | 42 ++ .../defuse/php-encryption-1.2.1/composer.json | 20 + .../defuse/php-encryption-1.2.1/example.php | 36 + library/defuse/php-encryption-1.2.1/test.sh | 30 + .../php-encryption-1.2.1/tests/runtime.php | 32 + mod/dfrn_notify.php | 55 +- 11 files changed, 1038 insertions(+), 32 deletions(-) create mode 100644 library/defuse/php-encryption-1.2.1/.travis.yml create mode 100644 library/defuse/php-encryption-1.2.1/Crypto.php create mode 100644 library/defuse/php-encryption-1.2.1/README.md create mode 100644 library/defuse/php-encryption-1.2.1/benchmark.php create mode 100644 library/defuse/php-encryption-1.2.1/composer.json create mode 100644 library/defuse/php-encryption-1.2.1/example.php create mode 100644 library/defuse/php-encryption-1.2.1/test.sh create mode 100644 library/defuse/php-encryption-1.2.1/tests/runtime.php diff --git a/include/crypto.php b/include/crypto.php index 87744d2d6..f5163a9da 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -185,8 +185,9 @@ function salmon_key($pubkey) { } -/** disable rino + if(! function_exists('aes_decrypt')) { +// DEPRECATED IN 3.4.1 function aes_decrypt($val,$ky) { $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; @@ -200,6 +201,7 @@ function aes_decrypt($val,$ky) if(! function_exists('aes_encrypt')) { +// DEPRECATED IN 3.4.1 function aes_encrypt($val,$ky) { $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; @@ -210,7 +212,6 @@ function aes_encrypt($val,$ky) $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16))); return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM)); }} -**/ function pkcs5_pad ($text, $blocksize) { diff --git a/include/items.php b/include/items.php index b390a168b..2feab3ea1 100644 --- a/include/items.php +++ b/include/items.php @@ -15,6 +15,9 @@ require_once('include/plaintext.php'); require_once('include/ostatus.php'); require_once('mod/share.php'); +require_once('library/defuse/php-encryption-1.2.1/Crypto.php'); + + function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) { @@ -1982,16 +1985,16 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if($contact['duplex'] && $contact['issued-id']) $idtosend = '1:' . $orig_id; - /** - * disable rino. - $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); - - $rino_enable = get_config('system','rino_encrypt'); - - if(! $rino_enable) + + $rino = get_config('system','rino_encrypt'); + + if(! $rino) { $rino = 0; - **/ - $rino = 0; $rino_enable = 0; + } else { + $rino = 2; + } + + $ssl_val = intval(get_config('system','ssl_policy')); $ssl_policy = ''; @@ -2009,7 +2012,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { break; } - $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); + $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : ''); logger('dfrn_deliver: ' . $url); @@ -2040,7 +2043,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $challenge = hex2bin((string) $res->challenge); $perm = (($res->perm) ? $res->perm : null); $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); - $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); + $rino_remote_version = intval($res->rino); $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); if($owner['page-flags'] == PAGE_PRVGROUP) @@ -2101,12 +2104,45 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if($page) $postvars['page'] = $page; - /** disable rino - if($rino && $rino_allowed && (! $dissolve)) { - $key = substr(random_string(),0,16); - $data = bin2hex(aes_encrypt($postvars['data'],$key)); - $postvars['data'] = $data; - logger('rino: sent key = ' . $key, LOGGER_DEBUG); + if($rino>0 && $rino_remote_version>0 && (! $dissolve)) { + logger('rino version: '. $rino_remote_version); + + switch($rino_remote_version) { + case 1: + // Deprecated rino version! + $key = substr(random_string(),0,16); + $data = aes_encrypt($postvars['data'],$key); + break; + case 2: + // RINO 2 based on php-encryption + try { + $key = Crypto::createNewRandomKey(); + } catch (CryptoTestFailed $ex) { + logger('Cannot safely create a key'); + return -1; + } catch (CannotPerformOperation $ex) { + logger('Cannot safely create a key'); + return -1; + } + try { + $data = Crypto::encrypt($postvars['data'], $key); + } catch (CryptoTestFailed $ex) { + logger('Cannot safely perform encryption'); + return -1; + } catch (CannotPerformOperation $ex) { + logger('Cannot safely perform encryption'); + return -1; + } + break; + default: + logger("rino: invalid requested verision '$rino_remote_version'"); + return -1; + } + + $postvars['rino'] = $rino_remote_version; + $postvars['data'] = bin2hex($data); + + #logger('rino: sent key = ' . $key, LOGGER_DEBUG); if($dfrn_version >= 2.1) { @@ -2133,7 +2169,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['key'] = bin2hex($postvars['key']); } - **/ + logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA); diff --git a/library/defuse/php-encryption-1.2.1/.travis.yml b/library/defuse/php-encryption-1.2.1/.travis.yml new file mode 100644 index 000000000..20ec31c20 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/.travis.yml @@ -0,0 +1,22 @@ +language: php +php: + - "5.6" + - "5.5" + - "5.4" + - "5.3" + - "5.2" +# Versions below here are not installed on travis-ci +# - "5.1" +# - "5.0" +# - "4.4" +# - "4.3" +# - "4.2" +# - "4.1" +# - "4.0" + +matrix: + allow_failures: + - php: "5.3" + - php: "5.2" + +script: ./test.sh diff --git a/library/defuse/php-encryption-1.2.1/Crypto.php b/library/defuse/php-encryption-1.2.1/Crypto.php new file mode 100644 index 000000000..60b5a62cc --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/Crypto.php @@ -0,0 +1,677 @@ + 255 * $digest_length) { + throw new CannotPerformOperationException(); + } + + // "if [salt] not provided, is set to a string of HashLen zeroes." + if (is_null($salt)) { + $salt = str_repeat("\x00", $digest_length); + } + + // HKDF-Extract: + // PRK = HMAC-Hash(salt, IKM) + // The salt is the HMAC key. + $prk = hash_hmac($hash, $ikm, $salt, true); + + // HKDF-Expand: + + // This check is useless, but it serves as a reminder to the spec. + if (self::our_strlen($prk) < $digest_length) { + throw new CannotPerformOperationException(); + } + + // T(0) = '' + $t = ''; + $last_block = ''; + for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) { + // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??) + $last_block = hash_hmac( + $hash, + $last_block . $info . chr($block_index), + $prk, + true + ); + // T = T(1) | T(2) | T(3) | ... | T(N) + $t .= $last_block; + } + + // ORM = first L octets of T + $orm = self::our_substr($t, 0, $length); + if ($orm === FALSE) { + throw new CannotPerformOperationException(); + } + return $orm; + } + + private static function VerifyHMAC($correct_hmac, $message, $key) + { + $message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true); + + // We can't just compare the strings with '==', since it would make + // timing attacks possible. We could use the XOR-OR constant-time + // comparison algorithm, but I'm not sure if that's good enough way up + // here in an interpreted language. So we use the method of HMACing the + // strings we want to compare with a random key, then comparing those. + + // NOTE: This leaks information when the strings are not the same + // length, but they should always be the same length here. Enforce it: + if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) { + throw new CannotPerformOperationException(); + } + + $blind = self::CreateNewRandomKey(); + $message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind); + $correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind); + return $correct_compare === $message_compare; + } + + private static function TestEncryptDecrypt() + { + $key = self::CreateNewRandomKey(); + $data = "EnCrYpT EvErYThInG\x00\x00"; + + // Make sure encrypting then decrypting doesn't change the message. + $ciphertext = self::Encrypt($data, $key); + try { + $decrypted = self::Decrypt($ciphertext, $key); + } catch (InvalidCiphertextException $ex) { + // It's important to catch this and change it into a + // CryptoTestFailedException, otherwise a test failure could trick + // the user into thinking it's just an invalid ciphertext! + throw new CryptoTestFailedException(); + } + if($decrypted !== $data) + { + throw new CryptoTestFailedException(); + } + + // Modifying the ciphertext: Appending a string. + try { + self::Decrypt($ciphertext . "a", $key); + throw new CryptoTestFailedException(); + } catch (InvalidCiphertextException $e) { /* expected */ } + + // Modifying the ciphertext: Changing an IV byte. + try { + $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256); + self::Decrypt($ciphertext, $key); + throw new CryptoTestFailedException(); + } catch (InvalidCiphertextException $e) { /* expected */ } + + // Decrypting with the wrong key. + $key = self::CreateNewRandomKey(); + $data = "abcdef"; + $ciphertext = self::Encrypt($data, $key); + $wrong_key = self::CreateNewRandomKey(); + try { + self::Decrypt($ciphertext, $wrong_key); + throw new CryptoTestFailedException(); + } catch (InvalidCiphertextException $e) { /* expected */ } + + // Ciphertext too small (shorter than HMAC). + $key = self::CreateNewRandomKey(); + $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1); + try { + self::Decrypt($ciphertext, $key); + throw new CryptoTestFailedException(); + } catch (InvalidCiphertextException $e) { /* expected */ } + } + + private static function HKDFTestVector() + { + // HKDF test vectors from RFC 5869 + + // Test Case 1 + $ikm = str_repeat("\x0b", 22); + $salt = self::hexToBytes("000102030405060708090a0b0c"); + $info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9"); + $length = 42; + $okm = self::hexToBytes( + "3cb25f25faacd57a90434f64d0362f2a" . + "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" . + "34007208d5b887185865" + ); + $computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt); + if ($computed_okm !== $okm) { + throw new CryptoTestFailedException(); + } + + // Test Case 7 + $ikm = str_repeat("\x0c", 22); + $length = 42; + $okm = self::hexToBytes( + "2c91117204d745f3500d636a62f64f0a" . + "b3bae548aa53d423b0d1f27ebba6f5e5" . + "673a081d70cce7acfc48" + ); + $computed_okm = self::HKDF("sha1", $ikm, $length); + if ($computed_okm !== $okm) { + throw new CryptoTestFailedException(); + } + + } + + private static function HMACTestVector() + { + // HMAC test vector From RFC 4231 (Test Case 1) + $key = str_repeat("\x0b", 20); + $data = "Hi There"; + $correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"; + if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) { + throw new CryptoTestFailedException(); + } + } + + private static function AESTestVector() + { + // AES CBC mode test vector from NIST SP 800-38A + $key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c"); + $iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f"); + $plaintext = self::hexToBytes( + "6bc1bee22e409f96e93d7e117393172a" . + "ae2d8a571e03ac9c9eb76fac45af8e51" . + "30c81c46a35ce411e5fbc1191a0a52ef" . + "f69f2445df4f9b17ad2b417be66c3710" + ); + $ciphertext = self::hexToBytes( + "7649abac8119b246cee98e9b12e9197d" . + "5086cb9b507219ee95db113a917678b2" . + "73bed6b8e3c1743b7116e69e22229516" . + "3ff1caa1681fac09120eca307586e1a7" . + /* Block due to padding. Not from NIST test vector. + Padding Block: 10101010101010101010101010101010 + Ciphertext: 3ff1caa1681fac09120eca307586e1a7 + (+) 2fe1dab1780fbc19021eda206596f1b7 + AES 8cb82807230e1321d3fae00d18cc2012 + + */ + "8cb82807230e1321d3fae00d18cc2012" + ); + + $computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv); + if ($computed_ciphertext !== $ciphertext) { + throw new CryptoTestFailedException(); + } + + $computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv); + if ($computed_plaintext !== $plaintext) { + throw new CryptoTestFailedException(); + } + } + + /* WARNING: Do not call this function on secrets. It creates side channels. */ + private static function hexToBytes($hex_string) + { + return pack("H*", $hex_string); + } + + private static function EnsureConstantExists($name) + { + if (!defined($name)) { + throw new CannotPerformOperationException(); + } + } + + private static function EnsureFunctionExists($name) + { + if (!function_exists($name)) { + throw new CannotPerformOperationException(); + } + } + + /* + * We need these strlen() and substr() functions because when + * 'mbstring.func_overload' is set in php.ini, the standard strlen() and + * substr() are replaced by mb_strlen() and mb_substr(). + */ + + private static function our_strlen($str) + { + if (function_exists('mb_strlen')) { + $length = mb_strlen($str, '8bit'); + if ($length === FALSE) { + throw new CannotPerformOperationException(); + } + return $length; + } else { + return strlen($str); + } + } + + private static function our_substr($str, $start, $length = NULL) + { + if (function_exists('mb_substr')) + { + // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP + // 5.3, so we have to find the length ourselves. + if (!isset($length)) { + if ($start >= 0) { + $length = self::our_strlen($str) - $start; + } else { + $length = -$start; + } + } + + return mb_substr($str, $start, $length, '8bit'); + } + + // Unlike mb_substr(), substr() doesn't accept NULL for length + if (isset($length)) { + return substr($str, $start, $length); + } else { + return substr($str, $start); + } + } + +} + +/* + * We want to catch all uncaught exceptions that come from the Crypto class, + * since by default, PHP will leak the key in the stack trace from an uncaught + * exception. This is a really ugly hack, but I think it's justified. + * + * Everything up to handler() getting called should be reliable, so this should + * reliably suppress the stack traces. The rest is just a bonus so that we don't + * make it impossible to debug other exceptions. + * + * This bit of code was adapted from: http://stackoverflow.com/a/7939492 + */ + +class CryptoExceptionHandler +{ + private $rethrow = NULL; + + public function __construct() + { + set_exception_handler(array($this, "handler")); + } + + public function handler($ex) + { + if ( + $ex instanceof InvalidCiphertextException || + $ex instanceof CannotPerformOperationException || + $ex instanceof CryptoTestFailedException + ) { + echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n"; + } else { + /* Re-throw the exception in the destructor. */ + $this->rethrow = $ex; + } + } + + public function __destruct() { + if ($this->rethrow) { + throw $this->rethrow; + } + } +} + +$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler(); + diff --git a/library/defuse/php-encryption-1.2.1/README.md b/library/defuse/php-encryption-1.2.1/README.md new file mode 100644 index 000000000..292ecf957 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/README.md @@ -0,0 +1,79 @@ +php-encryption +=============== + +This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.** + +[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption) + +Implementation +-------------- + +Messages are encrypted with AES-128 in CBC mode and are authenticated with +HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to +a multiple of the block size. HKDF is used to split the user-provided key into +two keys: one for encryption, and the other for authentication. It is +implemented using the `openssl_` and `hash_hmac` functions. + +Warning +-------- + +This is new code, and it hasn't received much review by experts. I have spent +many hours making it as secure as possible (extensive runtime tests, secure +coding practices), and auditing it for problems, but I may have missed some +issues. So be careful. Don't trust it with your life. Check out the open GitHub +issues for a list of known issues. If you find a problem with this library, +please report it by opening a GitHub issue. + +That said, you're probably much better off using this library than any other +encryption library written in PHP. + +Philosophy +----------- + +This library was created after noticing how much insecure PHP encryption code +there is. I once did a Google search for "php encryption" and found insecure +code or advice on 9 of the top 10 results. + +Encryption is becoming an essential component of modern websites. This library +aims to fulfil a subset of that need: Authenticated symmetric encryption of +short strings, given a random key. + +This library is developed around several core values: + +- Rule #1: Security is prioritized over everything else. + + > Whenever there is a conflict between security and some other property, + > security will be favored. For example, the library has runtime tests, + > which make it slower, but will hopefully stop it from encrypting stuff + > if the platform it's running on is broken. + +- Rule #2: It should be difficult to misuse the library. + + > We assume the developers using this library have no experience with + > cryptography. We only assume that they know that the "key" is something + > you need to encrypt and decrypt the messages, and that it must be + > protected. Whenever possible, the library should refuse to encrypt or + > decrypt messages when it is not being used correctly. + +- Rule #3: The library aims only to be compatible with itself. + + > Other PHP encryption libraries try to support every possible type of + > encryption, even the insecure ones (e.g. ECB mode). Because there are so + > many options, inexperienced developers must make decisions between + > things like "CBC" mode and "ECB" mode, knowing nothing about either one, + > which inevitably creates vulnerabilities. + + > This library will only support one secure mode. A developer using this + > library will call "encrypt" and "decrypt" not caring about how they are + > implemented. + +- Rule #4: The library should consist of a single PHP file and nothing more. + + > Some PHP encryption libraries, like libsodium-php [1], are not + > straightforward to install and cannot packaged with "just download and + > extract" applications. This library will always be just one PHP file + > that you can put in your source tree and require(). + +References: + + [1] https://github.com/jedisct1/libsodium-php diff --git a/library/defuse/php-encryption-1.2.1/benchmark.php b/library/defuse/php-encryption-1.2.1/benchmark.php new file mode 100644 index 000000000..3da61a628 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/benchmark.php @@ -0,0 +1,42 @@ + diff --git a/library/defuse/php-encryption-1.2.1/composer.json b/library/defuse/php-encryption-1.2.1/composer.json new file mode 100644 index 000000000..6856b9c72 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/composer.json @@ -0,0 +1,20 @@ +{ + "name": "defuse/php-encryption", + "description": "Secure PHP Encryption Library", + "license": "MIT", + "keywords": ["security", "encryption", "AES", "mcrypt", "cipher"], + "authors": [ + { + "name": "Taylor Hornby", + "email": "havoc@defuse.ca" + } + ], + "autoload": { + "files": ["Crypto.php"] + }, + "require": { + "php": ">=5.4.0", + "ext-openssl": "*", + "ext-mcrypt": "*" + } +} diff --git a/library/defuse/php-encryption-1.2.1/example.php b/library/defuse/php-encryption-1.2.1/example.php new file mode 100644 index 000000000..10e73f915 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/example.php @@ -0,0 +1,36 @@ + diff --git a/library/defuse/php-encryption-1.2.1/test.sh b/library/defuse/php-encryption-1.2.1/test.sh new file mode 100644 index 000000000..d1691e7c6 --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/test.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +echo "Normal" +echo "--------------------------------------------------" +php -d mbstring.func_overload=0 tests/runtime.php +if [ $? -ne 0 ]; then + echo "FAIL." + exit 1 +fi +echo "--------------------------------------------------" + +echo "" + +echo "Multibyte" +echo "--------------------------------------------------" +php -d mbstring.func_overload=7 tests/runtime.php +if [ $? -ne 0 ]; then + echo "FAIL." + exit 1 +fi +echo "--------------------------------------------------" + +echo "" + +if [ -z "$(php Crypto.php)" ]; then + echo "PASS: Crypto.php output is empty." +else + echo "FAIL: Crypto.php output is not empty." + exit 1 +fi diff --git a/library/defuse/php-encryption-1.2.1/tests/runtime.php b/library/defuse/php-encryption-1.2.1/tests/runtime.php new file mode 100644 index 000000000..76565c58e --- /dev/null +++ b/library/defuse/php-encryption-1.2.1/tests/runtime.php @@ -0,0 +1,32 @@ + diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 04b4b8ca6..c8b7438c1 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc'); require_once('include/items.php'); require_once('include/event.php'); +require_once('library/defuse/php-encryption-1.2.1/Crypto.php'); function dfrn_notify_post(&$a) { logger(__function__, LOGGER_TRACE); @@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) { $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); $data = ((x($_POST,'data')) ? $_POST['data'] : ''); $key = ((x($_POST,'key')) ? $_POST['key'] : ''); + $rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0); $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r'); $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); @@ -130,7 +132,7 @@ function dfrn_notify_post(&$a) { if($importer['page-flags'] == PAGE_SOAPBOX) xml_status(0); - /** disable rino + if(strlen($key)) { $rawkey = hex2bin(trim($key)); logger('rino: md5 raw key: ' . md5($rawkey)); @@ -153,11 +155,42 @@ function dfrn_notify_post(&$a) { } } - logger('rino: received key : ' . $final_key); - $data = aes_decrypt(hex2bin($data),$final_key); + #logger('rino: received key : ' . $final_key); + + switch($rino_remote) { + case 0: + case 1: + // we got a key. old code send only the key, without RINO version. + // we assume RINO 1 if key and no RINO version + $data = aes_decrypt(hex2bin($data),$final_key); + break; + case 2: + try { + $data = Crypto::decrypt(hex2bin($data),$final_key); + } catch (InvalidCiphertext $ex) { // VERY IMPORTANT + // Either: + // 1. The ciphertext was modified by the attacker, + // 2. The key is wrong, or + // 3. $ciphertext is not a valid ciphertext or was corrupted. + // Assume the worst. + logger('The ciphertext has been tampered with!'); + xml_status(0,'The ciphertext has been tampered with!'); + } catch (Ex\CryptoTestFailed $ex) { + logger('Cannot safely perform dencryption'); + xml_status(0,'CryptoTestFailed'); + } catch (Ex\CannotPerformOperation $ex) { + logger('Cannot safely perform decryption'); + xml_status(0,'Cannot safely perform decryption'); + } + break; + default: + logger("rino: invalid sent verision '$rino_remote'"); + xml_status(0); + } + + logger('rino: decrypted data: ' . $data, LOGGER_DATA); } - **/ $ret = local_delivery($importer,$data); xml_status($ret); @@ -253,16 +286,14 @@ function dfrn_notify_content(&$a) { $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); - /** - * disable rino. - $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); + + $rino = get_config('system','rino_encrypt'); - $rino_enable = get_config('system','rino_encrypt'); - - if(! $rino_enable) + if(! $rino){ $rino = 0; - **/ - $rino = 0; $rino_enable = 0; + } else { + $rino = 2; + } if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) { $perm = 'rw';