- else {
- if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) {
- openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
- }
- else {
- openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
- }
+
+ #logger('rino: received key : ' . $final_key);
+
+ switch($rino_remote) {
+ case 0:
+ case 1:
+ /*
+ *we got a key. old code send only the key, without RINO version.
+ * we assume RINO 1 if key and no RINO version
+ */
+ $data = dfrn::aes_decrypt(hex2bin($data), $final_key);
+ break;
+ case 2:
+ try {
+ $data = Crypto::decrypt(hex2bin($data), $final_key);
+ } catch (InvalidCiphertext $ex) { // VERY IMPORTANT
+ /*
+ * Either:
+ * 1. The ciphertext was modified by the attacker,
+ * 2. The key is wrong, or
+ * 3. $ciphertext is not a valid ciphertext or was corrupted.
+ * Assume the worst.
+ */
+ logger('The ciphertext has been tampered with!');
+ xml_status(0, 'The ciphertext has been tampered with!');
+ } catch (Ex\CryptoTestFailed $ex) {
+ logger('Cannot safely perform dencryption');
+ xml_status(0, 'CryptoTestFailed');
+ } catch (Ex\CannotPerformOperation $ex) {
+ logger('Cannot safely perform decryption');
+ xml_status(0, 'Cannot safely perform decryption');
+ }
+ break;
+ default:
+ logger("rino: invalid sent verision '$rino_remote'");
+ xml_status(0);