RINO 2 based on php-encryption
Re-enable RINO 1 functions and add a deprecation note. Use RINO 2 by default, with crypto from php-encryption, and fall back to RINO 1 for old nodes.
parent
7d83a19fd4
commit
6fbb02fb93
11 changed files with 1038 additions and 32 deletions
|
@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc');
|
|||
require_once('include/items.php');
|
||||
require_once('include/event.php');
|
||||
|
||||
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
|
||||
|
||||
function dfrn_notify_post(&$a) {
|
||||
logger(__function__, LOGGER_TRACE);
|
||||
|
@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) {
|
|||
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
|
||||
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
|
||||
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
|
||||
$rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
|
||||
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
|
||||
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
|
||||
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
|
||||
|
@ -130,7 +132,7 @@ function dfrn_notify_post(&$a) {
|
|||
if($importer['page-flags'] == PAGE_SOAPBOX)
|
||||
xml_status(0);
|
||||
|
||||
/** disable rino
|
||||
|
||||
if(strlen($key)) {
|
||||
$rawkey = hex2bin(trim($key));
|
||||
logger('rino: md5 raw key: ' . md5($rawkey));
|
||||
|
@ -153,11 +155,42 @@ function dfrn_notify_post(&$a) {
|
|||
}
|
||||
}
|
||||
|
||||
logger('rino: received key : ' . $final_key);
|
||||
$data = aes_decrypt(hex2bin($data),$final_key);
|
||||
#logger('rino: received key : ' . $final_key);
|
||||
|
||||
switch($rino_remote) {
|
||||
case 0:
|
||||
case 1:
|
||||
// we got a key. old code send only the key, without RINO version.
|
||||
// we assume RINO 1 if key and no RINO version
|
||||
$data = aes_decrypt(hex2bin($data),$final_key);
|
||||
break;
|
||||
case 2:
|
||||
try {
|
||||
$data = Crypto::decrypt(hex2bin($data),$final_key);
|
||||
} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
|
||||
// Either:
|
||||
// 1. The ciphertext was modified by the attacker,
|
||||
// 2. The key is wrong, or
|
||||
// 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||
// Assume the worst.
|
||||
logger('The ciphertext has been tampered with!');
|
||||
xml_status(0,'The ciphertext has been tampered with!');
|
||||
} catch (Ex\CryptoTestFailed $ex) {
|
||||
logger('Cannot safely perform dencryption');
|
||||
xml_status(0,'CryptoTestFailed');
|
||||
} catch (Ex\CannotPerformOperation $ex) {
|
||||
logger('Cannot safely perform decryption');
|
||||
xml_status(0,'Cannot safely perform decryption');
|
||||
}
|
||||
break;
|
||||
default:
|
||||
logger("rino: invalid sent verision '$rino_remote'");
|
||||
xml_status(0);
|
||||
}
|
||||
|
||||
|
||||
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
||||
}
|
||||
**/
|
||||
|
||||
$ret = local_delivery($importer,$data);
|
||||
xml_status($ret);
|
||||
|
@ -253,16 +286,14 @@ function dfrn_notify_content(&$a) {
|
|||
$challenge = bin2hex($challenge);
|
||||
$encrypted_id = bin2hex($encrypted_id);
|
||||
|
||||
/**
|
||||
* disable rino.
|
||||
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
|
||||
|
||||
$rino = get_config('system','rino_encrypt');
|
||||
|
||||
$rino_enable = get_config('system','rino_encrypt');
|
||||
|
||||
if(! $rino_enable)
|
||||
if(! $rino){
|
||||
$rino = 0;
|
||||
**/
|
||||
$rino = 0; $rino_enable = 0;
|
||||
} else {
|
||||
$rino = 2;
|
||||
}
|
||||
|
||||
if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
|
||||
$perm = 'rw';
|
||||
|
|
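Review bot: In the `case 2:` branch of `dfrn_notify_post`, the three `catch` clauses name `InvalidCiphertext`, `Ex\CryptoTestFailed` and `Ex\CannotPerformOperation`, but the first hunk appears to add only the `require_once` for `php-encryption-1.2.1/Crypto.php` and no `use … as Ex` alias shows up in any hunk, so these names probably do not resolve to the classes the library throws. A `catch` for a class that does not exist never matches, so a failed integrity check would surface as an uncaught exception instead of the logged rejection written here. As far as I recall, the 1.2.x release declares global `InvalidCiphertextException`, `CryptoTestFailedException` and `CannotPerformOperationException`; please confirm against the vendored file and use those names, e.g. `} catch (InvalidCiphertextException $ex) {`. Separately, the sender-supplied `rino` field defaults to 0 and selects the legacy `aes_decrypt` path that the commit message deprecates, so a remote party can always choose the older scheme; consider a config switch that refuses RINO 1 once peers have upgraded. The function body continues outside the hunks shown.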