tobias/friendica
1
0
Fork 0
Code Pull requests Activity

Merge pull request #1683 from fabrixxm/issue-1655

Browse source 
Deprecate RINO1 function, implements RINO2, remove unused crypro functions
This commit is contained in:
Michael Vogel 2015-06-27 17:39:00 +02:00
commit b795bf2935
14 changed files with 1057 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

13
mod/admin.php
View file

@ -379,7 +379,9 @@ function admin_page_site_post(&$a){
$proxy_disabled = ((x($_POST,'proxy_disabled')) ? True : False);
$old_pager = ((x($_POST,'old_pager')) ? True : False);
$only_tag_search = ((x($_POST,'only_tag_search')) ? True : False);
$rino = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
if($ssl_policy != intval(get_config('system','ssl_policy'))) {
if($ssl_policy == SSL_POLICY_FULL) {
q("update `contact` set
@ -432,6 +434,7 @@ function admin_page_site_post(&$a){
set_config('system','suppress_tags',$suppress_tags);
set_config('system','shortcut_icon',$shortcut_icon);
set_config('system','touch_icon',$touch_icon);
if ($banner==""){
// don't know why, but del_config doesn't work...
q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
@ -515,6 +518,9 @@ function admin_page_site_post(&$a){
set_config('system','old_pager', $old_pager);
set_config('system','only_tag_search', $only_tag_search);
set_config('system','rino_encrypt', $rino);
info( t('Site settings updated.') . EOL);
goaway($a->get_baseurl(true) . '/admin/site' );
return; // NOTREACHED
@ -695,7 +701,10 @@ function admin_page_site(&$a) {
'$only_tag_search' => array('only_tag_search', t("Only search in tags"), get_config('system','only_tag_search'), t("On large systems the text search can slow down the system extremely.")),
'$relocate_url' => array('relocate_url', t("New base url"), $a->get_baseurl(), "Change base url for this server. Sends relocate message to all DFRN contacts of all users."),
'$form_security_token' => get_form_security_token("admin_site")
'$rino' => array('rino', t("RINO Encryption"), intval(get_config('system','rino_encrypt')), t("Encryption layer between nodes."), array("Disabled", "RINO1 (deprecated)", "RINO2")),
'$form_security_token' => get_form_security_token("admin_site")
));

65
mod/dfrn_notify.php
View file

@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc');
require_once('include/items.php');
require_once('include/event.php');
require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
function dfrn_notify_post(&$a) {
logger(__function__, LOGGER_TRACE);
@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) {
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
@ -130,8 +132,16 @@ function dfrn_notify_post(&$a) {
if($importer['page-flags'] == PAGE_SOAPBOX)
xml_status(0);
if(strlen($key)) {
// if local rino is lower than remote rino, abort: should not happen!
// but only for $remote_rino > 1, because old code did't send rino version
if ($rino_remote_version > 1 && $rino < $rino_remote) {
logger("rino version '$rino_remote' is lower than supported '$rino'");
xml_status(0,"rino version '$rino_remote' is lower than supported '$rino'");
}
$rawkey = hex2bin(trim($key));
logger('rino: md5 raw key: ' . md5($rawkey));
$final_key = '';
@ -153,12 +163,43 @@ function dfrn_notify_post(&$a) {
}
}
logger('rino: received key : ' . $final_key);
$data = aes_decrypt(hex2bin($data),$final_key);
#logger('rino: received key : ' . $final_key);
switch($rino_remote) {
case 0:
case 1:
// we got a key. old code send only the key, without RINO version.
// we assume RINO 1 if key and no RINO version
$data = aes_decrypt(hex2bin($data),$final_key);
break;
case 2:
try {
$data = Crypto::decrypt(hex2bin($data),$final_key);
} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
// Either:
// 1. The ciphertext was modified by the attacker,
// 2. The key is wrong, or
// 3. $ciphertext is not a valid ciphertext or was corrupted.
// Assume the worst.
logger('The ciphertext has been tampered with!');
xml_status(0,'The ciphertext has been tampered with!');
} catch (Ex\CryptoTestFailed $ex) {
logger('Cannot safely perform dencryption');
xml_status(0,'CryptoTestFailed');
} catch (Ex\CannotPerformOperation $ex) {
logger('Cannot safely perform decryption');
xml_status(0,'Cannot safely perform decryption');
}
break;
default:
logger("rino: invalid sent verision '$rino_remote'");
xml_status(0);
}
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
}
$ret = local_delivery($importer,$data);
xml_status($ret);
@ -175,6 +216,7 @@ function dfrn_notify_content(&$a) {
$dfrn_id = notags(trim($_GET['dfrn_id']));
$dfrn_version = (float) $_GET['dfrn_version'];
$rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
$type = "";
$last_update = "";
@ -253,13 +295,14 @@ function dfrn_notify_content(&$a) {
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
$rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
$rino_enable = get_config('system','rino_encrypt');
if(! $rino_enable)
$rino = 0;
$rino = get_config('system','rino_encrypt');
$rino = intval($rino);
// if requested rino is lower than enabled local rino, lower local rino version
// if requested rino is higher than enabled local rino, reply with local rino
if ($rino_remote < $rino) $rino = $rino_remote;
if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
$perm = 'rw';
}