require_once("include/pgettext.php");
-define ( 'FRIENDIKA_VERSION', '2.2.1066' );
+define ( 'FRIENDIKA_VERSION', '2.2.1067' );
define ( 'DFRN_PROTOCOL_VERSION', '2.21' );
define ( 'DB_UPDATE_VERSION', 1079 );
+++ /dev/null
-<?php
-
-require_once('library/ASNValue.class.php');
-
-function DerToPem($Der, $Private=false)
-{
- //Encode:
- $Der = base64_encode($Der);
- //Split lines:
- $lines = str_split($Der, 65);
- $body = implode("\n", $lines);
- //Get title:
- $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
- //Add wrapping:
- $result = "-----BEGIN {$title}-----\n";
- $result .= $body . "\n";
- $result .= "-----END {$title}-----\n";
-
- return $result;
-}
-
-function DerToRsa($Der)
-{
- //Encode:
- $Der = base64_encode($Der);
- //Split lines:
- $lines = str_split($Der, 65);
- $body = implode("\n", $lines);
- //Get title:
- $title = 'RSA PUBLIC KEY';
- //Add wrapping:
- $result = "-----BEGIN {$title}-----\n";
- $result .= $body . "\n";
- $result .= "-----END {$title}-----\n";
-
- return $result;
-}
-
-
-function pkcs8_encode($Modulus,$PublicExponent) {
- //Encode key sequence
- $modulus = new ASNValue(ASNValue::TAG_INTEGER);
- $modulus->SetIntBuffer($Modulus);
- $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
- $publicExponent->SetIntBuffer($PublicExponent);
- $keySequenceItems = array($modulus, $publicExponent);
- $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
- $keySequence->SetSequence($keySequenceItems);
- //Encode bit string
- $bitStringValue = $keySequence->Encode();
- $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
- $bitString = new ASNValue(ASNValue::TAG_BITSTRING);
- $bitString->Value = $bitStringValue;
- //Encode body
- $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
- $body = new ASNValue(ASNValue::TAG_SEQUENCE);
- $body->Value = $bodyValue;
- //Get DER encoded public key:
- $PublicDER = $body->Encode();
- return $PublicDER;
-}
-
-
-function pkcs1_encode($Modulus,$PublicExponent) {
- //Encode key sequence
- $modulus = new ASNValue(ASNValue::TAG_INTEGER);
- $modulus->SetIntBuffer($Modulus);
- $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
- $publicExponent->SetIntBuffer($PublicExponent);
- $keySequenceItems = array($modulus, $publicExponent);
- $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
- $keySequence->SetSequence($keySequenceItems);
- //Encode bit string
- $bitStringValue = $keySequence->Encode();
- return $bitStringValue;
-}
-
-
-function metopem($m,$e) {
- $der = pkcs8_encode($m,$e);
- $key = DerToPem($der,false);
- return $key;
-}
-
-
-function pubrsatome($key,&$m,&$e) {
- require_once('library/asn1.php');
- require_once('include/salmon.php');
-
- $lines = explode("\n",$key);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = base64url_decode($r[0]->asnData[0]->asnData);
- $e = base64url_decode($r[0]->asnData[1]->asnData);
-}
-
-
-function rsatopem($key) {
- pubrsatome($key,$m,$e);
- return(metopem($m,$e));
-}
-
-function pemtorsa($key) {
- pemtome($key,$m,$e);
- return(metorsa($m,$e));
-}
-
-function pemtome($key,&$m,&$e) {
- require_once('include/salmon.php');
- $lines = explode("\n",$key);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
- $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
-}
-
-function metorsa($m,$e) {
- $der = pkcs1_encode($m,$e);
- $key = DerToRsa($der);
- return $key;
-}
-
--- /dev/null
+<?php
+
+require_once('library/ASNValue.class.php');
+require_once('library/asn1.php');
+
+
+function rsa_sign($data,$key) {
+
+ $sig = '';
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ openssl_sign($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) < 1024 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $sig = $rsa->sign($data);
+ }
+ else {
+ logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
+ openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
+ }
+ }
+ return $sig;
+}
+
+function rsa_verify($data,$sig,$key) {
+
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ $verify = openssl_verify($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) <= 300 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $verify = $rsa->verify($data,$sig);
+ }
+ else {
+ // fallback sha256 verify for PHP < 5.3 and large key lengths
+ $rawsig = '';
+ openssl_public_decrypt($sig,$rawsig,$key);
+ $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
+ }
+ }
+ return $verify;
+}
+
+
+function DerToPem($Der, $Private=false)
+{
+ //Encode:
+ $Der = base64_encode($Der);
+ //Split lines:
+ $lines = str_split($Der, 65);
+ $body = implode("\n", $lines);
+ //Get title:
+ $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
+ //Add wrapping:
+ $result = "-----BEGIN {$title}-----\n";
+ $result .= $body . "\n";
+ $result .= "-----END {$title}-----\n";
+
+ return $result;
+}
+
+function DerToRsa($Der)
+{
+ //Encode:
+ $Der = base64_encode($Der);
+ //Split lines:
+ $lines = str_split($Der, 65);
+ $body = implode("\n", $lines);
+ //Get title:
+ $title = 'RSA PUBLIC KEY';
+ //Add wrapping:
+ $result = "-----BEGIN {$title}-----\n";
+ $result .= $body . "\n";
+ $result .= "-----END {$title}-----\n";
+
+ return $result;
+}
+
+
+function pkcs8_encode($Modulus,$PublicExponent) {
+ //Encode key sequence
+ $modulus = new ASNValue(ASNValue::TAG_INTEGER);
+ $modulus->SetIntBuffer($Modulus);
+ $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
+ $publicExponent->SetIntBuffer($PublicExponent);
+ $keySequenceItems = array($modulus, $publicExponent);
+ $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $keySequence->SetSequence($keySequenceItems);
+ //Encode bit string
+ $bitStringValue = $keySequence->Encode();
+ $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
+ $bitString = new ASNValue(ASNValue::TAG_BITSTRING);
+ $bitString->Value = $bitStringValue;
+ //Encode body
+ $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
+ $body = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $body->Value = $bodyValue;
+ //Get DER encoded public key:
+ $PublicDER = $body->Encode();
+ return $PublicDER;
+}
+
+
+function pkcs1_encode($Modulus,$PublicExponent) {
+ //Encode key sequence
+ $modulus = new ASNValue(ASNValue::TAG_INTEGER);
+ $modulus->SetIntBuffer($Modulus);
+ $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
+ $publicExponent->SetIntBuffer($PublicExponent);
+ $keySequenceItems = array($modulus, $publicExponent);
+ $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $keySequence->SetSequence($keySequenceItems);
+ //Encode bit string
+ $bitStringValue = $keySequence->Encode();
+ return $bitStringValue;
+}
+
+
+function metopem($m,$e) {
+ $der = pkcs8_encode($m,$e);
+ $key = DerToPem($der,false);
+ return $key;
+}
+
+
+function pubrsatome($key,&$m,&$e) {
+ require_once('library/asn1.php');
+ require_once('include/salmon.php');
+
+ $lines = explode("\n",$key);
+ unset($lines[0]);
+ unset($lines[count($lines)]);
+ $x = base64_decode(implode('',$lines));
+
+ $r = ASN_BASE::parseASNString($x);
+
+ $m = base64url_decode($r[0]->asnData[0]->asnData);
+ $e = base64url_decode($r[0]->asnData[1]->asnData);
+}
+
+
+function rsatopem($key) {
+ pubrsatome($key,$m,$e);
+ return(metopem($m,$e));
+}
+
+function pemtorsa($key) {
+ pemtome($key,$m,$e);
+ return(metorsa($m,$e));
+}
+
+function pemtome($key,&$m,&$e) {
+ require_once('include/salmon.php');
+ $lines = explode("\n",$key);
+ unset($lines[0]);
+ unset($lines[count($lines)]);
+ $x = base64_decode(implode('',$lines));
+
+ $r = ASN_BASE::parseASNString($x);
+
+ $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
+ $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
+}
+
+function metorsa($m,$e) {
+ $der = pkcs1_encode($m,$e);
+ $key = DerToRsa($der);
+ return $key;
+}
+
+function salmon_key($pubkey) {
+ pemtome($pubkey,$m,$e);
+ return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
+}
<?php
-require_once('include/certfns.php');
+require_once('include/crypto.php');
function receive_return($val) {
$signable_data = $data . '.' . base64url_encode($type) . "\n" . '.'
. base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
- $signature = '';
- $result = openssl_sign($signable_data,$signature,$prvkey,'SHA256');
-
+ $signature = rsa_sign($signable_data,$prvkey);
$sig = base64url_encode($signature);
$decrypted_header = <<< EOT
if(! $author_link) {
logger('mod-diaspora: Could not retrieve author URI.');
- receive_return(400);
+ http_status_exit(400);
}
// Once we have the author URI, go to the web and try to find their public key
if(! $key) {
logger('mod-diaspora: Could not retrieve author key.');
- receive_return(400);
+ http_status_exit(400);
}
- $verify = false;
-
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
- $verify = openssl_verify($signed_data,$signature,$key,'sha256');
- }
- else {
- // fallback sha256 verify for PHP < 5.3
- $rawsig = '';
- $hash = hash('sha256',$signed_data,true);
- openssl_public_decrypt($signature,$rawsig,$key);
- $verify = (($rawsig && substr($rawsig,-32) === $hash) ? true : false);
- }
+ $verify = rsa_verify($signed_data,$signature,$key);
if(! $verify) {
logger('mod-diaspora: Message did not verify. Discarding.');
- receive_return(400);
+ http_status_exit(400);
}
logger('mod-diaspora: Message verified.');
}}
+if(! function_exists('http_status_exit')) {
+function http_status_exit($val) {
+
+ if($val >= 400)
+ $err = 'Error';
+ if($val >= 200 && $val < 300)
+ $err = 'OK';
+
+ logger('http_status_exit ' . $val);
+ header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err);
+ killme();
+
+}}
+
// convert an XML document to a normalised, case-corrected array
// used by webfinger
<?php
-require_once('library/asn1.php');
+require_once('include/crypto.php');
-function salmon_key($pubkey) {
- $lines = explode("\n",$pubkey);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
-
- $r = ASN_BASE::parseASNString($x);
-
- $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData;
- $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData;
-
-
- return 'RSA' . '.' . $m . '.' . $e ;
-}
function get_salmon_key($uri,$keyhash) {
$algorithm = 'RSA-SHA256';
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
- // Setup RSA stuff to PKCS#1 sign the data
-
- require_once('library/phpsec/Crypt/RSA.php');
-
- $rsa = new CRYPT_RSA();
- $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
- $rsa->loadKey($owner['sprvkey']);
-
// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
- $signature = base64url_encode($rsa->sign(str_replace('=','',$data . $precomputed),true));
+ $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']);
- $signature2 = base64url_encode($rsa->sign($data . $precomputed));
+ $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']);
- $signature3 = base64url_encode($rsa->sign($data));
+ $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']);
$salmon_tpl = get_markup_template('magicsig.tpl');
$a = get_app();
return str_replace(
- array( '<3', '</3', '<\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O'),
+ array( '<3', '</3', '<\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O', '~friendika' ),
array(
'<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />',
- '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />'
+ '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />',
+ '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
+
), $s);
}}
require_once('include/salmon.php');
-require_once('include/certfns.php');
+require_once('include/crypto.php');
require_once('include/diaspora.php');
// complicated process to try and sort out.
require_once('include/salmon.php');
+require_once('include/crypto.php');
require_once('library/simplepie/simplepie.inc');
function salmon_return($val) {
dbesc($nick)
);
if(! count($r))
- salmon_return(500);
+ http_status_exit(500);
$importer = $r[0];
if(! $base) {
logger('mod-salmon: unable to locate salmon data in xml ');
- salmon_return(400);
+ http_status_exit(400);
}
// Stash the signature away for now. We have to find their key or it won't be good for anything.
if(! $author_link) {
logger('mod-salmon: Could not retrieve author URI.');
- salmon_return(400);
+ http_status_exit(400);
}
// Once we have the author URI, go to the web and try to find their public key
if(! $key) {
logger('mod-salmon: Could not retrieve author key.');
- salmon_return(400);
+ http_status_exit(400);
}
- // Setup RSA stuff to verify the signature
-
- require_once('library/phpsec/Crypt/RSA.php');
-
- $rsa = new CRYPT_RSA();
- $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
- $rsa->loadKey($prvkey);
-
- $sig = $rsa->sign($data);
-
- require_once('library/phpsec/Crypt/RSA.php');
-
$key_info = explode('.',$key);
$m = base64url_decode($key_info[1]);
$e = base64url_decode($key_info[2]);
- logger('mod-salmon: key details: ' . print_r($key_info,true));
-
- $rsa = new CRYPT_RSA();
- $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
+ logger('mod-salmon: key details: ' . print_r($key_info,true), LOGGER_DEBUG);
- $rsa->modulus = new Math_BigInteger($m, 256);
- $rsa->k = strlen($rsa->modulus->toBytes());
- $rsa->exponent = new Math_BigInteger($e, 256);
+ $pubkey = metopem($m,$e);
// We should have everything we need now. Let's see if it verifies.
- $verify = $rsa->verify($compliant_format,$signature);
+ $verify = rsa_verify($compliant_format,$signature,$pubkey);
if(! $verify) {
logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
- $verify = $rsa->verify($signed_data,$signature);
+ $verify = rsa_verify($signed_data,$signature,$pubkey);
}
if(! $verify) {
logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
- $verify = $rsa->verify($stnet_signed_data,$signature);
+ $verify = rsa_verify($stnet_signed_data,$signature,$pubkey);
}
if(! $verify) {
logger('mod-salmon: Message did not verify. Discarding.');
- salmon_return(400);
+ http_status_exit(400);
}
logger('mod-salmon: Message verified.');
if((count($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == CONTACT_IS_FOLLOWER) || ($r[0]['blocked']))) {
logger('mod-salmon: Ignoring this author.');
- salmon_return(202);
+ http_status_exit(202);
// NOTREACHED
}
consume_feed($feedxml,$importer,$contact_rec,$hub);
- salmon_return(200);
+ http_status_exit(200);
}
<?php
-require_once('salmon.php');
-require_once('certfns.php');
+require_once('include/crypto.php');
-function xrd_content(&$a) {
+function xrd_init(&$a) {
$uri = urldecode(notags(trim($_GET['uri'])));
if(! count($r))
killme();
- $salmon_key = str_replace('=','',salmon_key($r[0]['spubkey']));
+ $salmon_key = salmon_key($r[0]['spubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
- $dspr_enabled = get_config('system','diaspora_enabled');
-
- if($dspr_enabled) {
+ if(get_config('system','diaspora_enabled')) {
$tpl = file_get_contents('view/xrd_diaspora.tpl');
$dspr = replace_macros($tpl,array(
'$baseurl' => $a->get_baseurl(),
else
$dspr = '';
-
$tpl = file_get_contents('view/xrd_person.tpl');
$o = replace_macros($tpl, array(
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
- echo $o;
+ echo $arr['xml'];
killme();
}
projects / friendica.git / commitdiff
