]> git.mxchange.org Git - friendica.git/commitdiff
Merge pull request #1683 from fabrixxm/issue-1655
authorMichael Vogel <icarus@dabo.de>
Sat, 27 Jun 2015 15:39:00 +0000 (17:39 +0200)
committerMichael Vogel <icarus@dabo.de>
Sat, 27 Jun 2015 15:39:00 +0000 (17:39 +0200)
Deprecate RINO1 function, implements RINO2, remove unused crypro functions

14 files changed:
htconfig.php
include/crypto.php
include/items.php
library/defuse/php-encryption-1.2.1/.travis.yml [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/Crypto.php [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/README.md [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/benchmark.php [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/composer.json [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/example.php [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/test.sh [new file with mode: 0644]
library/defuse/php-encryption-1.2.1/tests/runtime.php [new file with mode: 0644]
mod/admin.php
mod/dfrn_notify.php
view/templates/admin_site.tpl

index 4c88b6e742dbc70fa8edf38a6af0c1016f2d5432..25f334b79929c5dcb6a2fae02c3fcb7604d2e8d7 100644 (file)
@@ -61,12 +61,6 @@ $a->config['system']['directory_search_url'] = 'http://dir.friendica.com/directo
 
 $a->config['system']['huburl'] = '[internal]';
 
-// Server-to-server private message encryption (RINO) is allowed by default. 
-// Encryption will only be provided if this setting is true and the
-// PHP mcrypt extension is installed on both systems 
-
-$a->config['system']['rino_encrypt'] = true;
-
 // allowed themes (change this from admin panel after installation)
 
 $a->config['system']['allowed_themes'] = 'dispy,quattro,vier,darkzero,duepuntozero,greenzero,purplezero,slackr,diabook';
index ed0a35704e8a5c8f97ab7f26038828fd5b2fd53b..f5163a9dacbeb2bb8ccf8b3be23ff6de27a62546 100644 (file)
@@ -187,6 +187,7 @@ function salmon_key($pubkey) {
 
 
 if(! function_exists('aes_decrypt')) {
+// DEPRECATED IN 3.4.1
 function aes_decrypt($val,$ky)
 {
     $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@@ -200,6 +201,7 @@ function aes_decrypt($val,$ky)
 
 
 if(! function_exists('aes_encrypt')) {
+// DEPRECATED IN 3.4.1
 function aes_encrypt($val,$ky)
 {
     $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@@ -211,7 +213,6 @@ function aes_encrypt($val,$ky)
     return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
 }} 
 
-
 function pkcs5_pad ($text, $blocksize)
 {
     $pad = $blocksize - (strlen($text) % $blocksize);
@@ -226,40 +227,6 @@ function pkcs5_unpad($text)
     return substr($text, 0, -1 * $pad);
 } 
 
-function AES256CBC_encrypt($data,$key,$iv) {
-       return mcrypt_encrypt(
-               MCRYPT_RIJNDAEL_128, 
-               str_pad($key,32,"\0"), 
-               pkcs5_pad($data,16), 
-               MCRYPT_MODE_CBC, 
-               str_pad($iv,16,"\0"));
-}
-
-function AES256CBC_decrypt($data,$key,$iv) {
-       return pkcs5_unpad(mcrypt_decrypt(
-               MCRYPT_RIJNDAEL_128, 
-               str_pad($key,32,"\0"), 
-               $data, 
-               MCRYPT_MODE_CBC, 
-               str_pad($iv,16,"\0")));
-}
-
-function aes_encapsulate($data,$pubkey) {
-       $key = random_string(32,RANDOM_STRING_TEXT);
-       $iv  = random_string(16,RANDOM_STRING_TEXT);
-       $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true);
-       openssl_public_encrypt($key,$k,$pubkey);
-       $result['key'] = base64url_encode($k,true);
-       openssl_public_encrypt($iv,$i,$pubkey);
-       $result['iv'] = base64url_encode($i,true);
-       return $result;
-}
-
-function aes_unencapsulate($data,$prvkey) {
-       openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey);
-       openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey);
-       return AES256CBC_decrypt(base64url_decode($data['data']),$k,$i);
-}
 
 function new_keypair($bits) {
 
index 2ff7bffbe3adccbafe7511c0bbcfddd3d796694e..475980d2dc972584aaef409cbf64134566b53c1a 100644 (file)
@@ -15,6 +15,9 @@ require_once('include/plaintext.php');
 require_once('include/ostatus.php');
 require_once('mod/share.php');
 
+require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
+
+
 function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
 
 
@@ -1983,13 +1986,13 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
        if($contact['duplex'] && $contact['issued-id'])
                $idtosend = '1:' . $orig_id;
 
-       $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
-
-       $rino_enable = get_config('system','rino_encrypt');
+    
+       $rino = get_config('system','rino_encrypt');
+       $rino = intval($rino);
 
-       if(! $rino_enable)
-               $rino = 0;
+   
 
+       
        $ssl_val = intval(get_config('system','ssl_policy'));
        $ssl_policy = '';
 
@@ -2006,7 +2009,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
                        break;
        }
 
-       $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
+       $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
 
        logger('dfrn_deliver: ' . $url);
 
@@ -2037,7 +2040,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
        $challenge    = hex2bin((string) $res->challenge);
        $perm         = (($res->perm) ? $res->perm : null);
        $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
-       $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
+       $rino_remote_version = intval($res->rino);
        $page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
 
        if($owner['page-flags'] == PAGE_PRVGROUP)
@@ -2098,11 +2101,46 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
        if($page)
                $postvars['page'] = $page;
 
-       if($rino && $rino_allowed && (! $dissolve)) {
-               $key = substr(random_string(),0,16);
-               $data = bin2hex(aes_encrypt($postvars['data'],$key));
-               $postvars['data'] = $data;
-               logger('rino: sent key = ' . $key, LOGGER_DEBUG);
+
+       if($rino>0 && $rino_remote_version>0 && (! $dissolve)) {
+               logger('rino version: '. $rino_remote_version);
+
+               switch($rino_remote_version) {
+                       case 1:
+                               // Deprecated rino version!
+                               $key = substr(random_string(),0,16);
+                               $data = aes_encrypt($postvars['data'],$key);
+                               break;
+                       case 2:
+                               // RINO 2 based on php-encryption
+                               try {
+                                       $key = Crypto::createNewRandomKey();
+                               } catch (CryptoTestFailed $ex) {
+                                       logger('Cannot safely create a key');
+                                       return -1;
+                               } catch (CannotPerformOperation $ex) {
+                                       logger('Cannot safely create a key');
+                                       return -1; 
+                               }
+                               try {
+                                       $data = Crypto::encrypt($postvars['data'], $key);
+                               } catch (CryptoTestFailed $ex) {
+                                       logger('Cannot safely perform encryption');
+                                       return -1; 
+                               } catch (CannotPerformOperation $ex) {
+                                       logger('Cannot safely perform encryption');
+                                       return -1; 
+                               }
+                               break;
+                       default:
+                               logger("rino: invalid requested verision '$rino_remote_version'");
+                               return -1;
+               }
+               
+               $postvars['rino'] = $rino_remote_version;
+               $postvars['data'] = bin2hex($data);
+               
+               #logger('rino: sent key = ' . $key, LOGGER_DEBUG);
 
 
                if($dfrn_version >= 2.1) {
@@ -2129,6 +2167,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 
                $postvars['key'] = bin2hex($postvars['key']);
        }
+       
 
        logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
 
diff --git a/library/defuse/php-encryption-1.2.1/.travis.yml b/library/defuse/php-encryption-1.2.1/.travis.yml
new file mode 100644 (file)
index 0000000..20ec31c
--- /dev/null
@@ -0,0 +1,22 @@
+language: php
+php:
+    - "5.6"
+    - "5.5"
+    - "5.4"
+    - "5.3"
+    - "5.2"
+# Versions below here are not installed on travis-ci
+#    - "5.1"
+#    - "5.0"
+#    - "4.4"
+#    - "4.3"
+#    - "4.2"
+#    - "4.1"
+#    - "4.0"
+    
+matrix:
+  allow_failures:
+    - php: "5.3"
+    - php: "5.2"
+
+script: ./test.sh
diff --git a/library/defuse/php-encryption-1.2.1/Crypto.php b/library/defuse/php-encryption-1.2.1/Crypto.php
new file mode 100644 (file)
index 0000000..60b5a62
--- /dev/null
@@ -0,0 +1,677 @@
+<?php
+
+/*
+ * PHP Encryption Library
+ * Copyright (c) 2014, Taylor Hornby
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, 
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation 
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Web: https://defuse.ca/secure-php-encryption.htm
+ * GitHub: https://github.com/defuse/php-encryption 
+ *
+ * WARNING: This encryption library is not a silver bullet. It only provides
+ * symmetric encryption given a uniformly random key. This means you MUST NOT
+ * use an ASCII string like a password as the key parameter, it MUST be
+ * a uniformly random key generated by CreateNewRandomKey(). If you want to
+ * encrypt something with a password, apply a password key derivation function
+ * like PBKDF2 or scrypt with a random salt to generate a key.
+ *
+ * WARNING: Error handling is very important, especially for crypto code! 
+ *
+ * How to use this code:
+ *
+ *     Generating a Key
+ *     ----------------
+ *       try {
+ *           $key = self::CreateNewRandomKey();
+ *           // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
+ *           // they may leak the key to the attacker through side channels.
+ *       } catch (CryptoTestFailedException $ex) {
+ *           die('Cannot safely create a key');
+ *       } catch (CannotPerformOperationException $ex) {
+ *           die('Cannot safely create a key');
+ *       }
+ *
+ *     Encrypting a Message
+ *     --------------------
+ *       $message = "ATTACK AT DAWN";
+ *       try {
+ *           $ciphertext = self::Encrypt($message, $key);
+ *       } catch (CryptoTestFailedException $ex) {
+ *           die('Cannot safely perform encryption');
+ *       } catch (CannotPerformOperationException $ex) {
+ *           die('Cannot safely perform decryption');
+ *       }
+ *
+ *     Decrypting a Message
+ *     --------------------
+ *       try {
+ *           $decrypted = self::Decrypt($ciphertext, $key);
+ *       } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
+ *           // Either:
+ *           //   1. The ciphertext was modified by the attacker,
+ *           //   2. The key is wrong, or
+ *           //   3. $ciphertext is not a valid ciphertext or was corrupted.
+ *           // Assume the worst.
+ *           die('DANGER! DANGER! The ciphertext has been tampered with!');
+ *       } catch (CryptoTestFailedException $ex) {
+ *           die('Cannot safely perform encryption');
+ *       } catch (CannotPerformOperationException $ex) {
+ *           die('Cannot safely perform decryption');
+ *       }
+ */
+
+/* 
+ * Raised by Decrypt() when one of the following conditions are met:
+ *  - The key is wrong.
+ *  - The ciphertext is invalid or not in the correct format.
+ *  - The attacker modified the ciphertext.
+ */
+class InvalidCiphertextException extends Exception {}
+/* If you see these, it means it is NOT SAFE to do encryption on your system. */
+class CannotPerformOperationException extends Exception {}
+class CryptoTestFailedException extends Exception {}
+
+final class Crypto
+{
+    // Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
+
+    /* DO NOT CHANGE THESE CONSTANTS! 
+     *
+     * We spent *weeks* testing this code, making sure it is as perfect and
+     * correct as possible. Are you going to do the same after making your
+     * changes? Probably not. Besides, any change to these constants will break
+     * the runtime tests, which are extremely important for your security.
+     * You're literally millions of times more likely to screw up your own
+     * security by changing something here than you are to fall victim to an
+     * 128-bit key brute-force attack. You're also breaking your own
+     * compatibility with future updates to this library, so you'll be left
+     * vulnerable if we ever find a security bug and release a fix.
+     *
+     * So, PLEASE, do not change these constants.
+     */
+    const CIPHER = 'aes-128';
+    const KEY_BYTE_SIZE = 16;
+    const CIPHER_MODE = 'cbc';
+    const HASH_FUNCTION = 'sha256';
+    const MAC_BYTE_SIZE = 32;
+    const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
+    const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
+
+    /*
+     * Use this to generate a random encryption key.
+     */
+    public static function CreateNewRandomKey()
+    {
+        self::RuntimeTest();
+        return self::SecureRandom(self::KEY_BYTE_SIZE);
+    }
+
+    /*
+     * Encrypts a message.
+     * $plaintext is the message to encrypt.
+     * $key is the encryption key, a value generated by CreateNewRandomKey().
+     * You MUST catch exceptions thrown by this function. See docs above.
+     */
+    public static function Encrypt($plaintext, $key)
+    {
+        self::RuntimeTest();
+
+        if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
+        {
+            throw new CannotPerformOperationException("Bad key.");
+        }
+
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
+        
+        self::EnsureFunctionExists('openssl_get_cipher_methods');
+        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
+            throw new CannotPerformOperationException("Cipher method not supported.");
+        }
+        
+        // Generate a sub-key for encryption.
+        $keysize = self::KEY_BYTE_SIZE;
+        $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
+
+        // Generate a random initialization vector.
+        self::EnsureFunctionExists("openssl_cipher_iv_length");
+        $ivsize = openssl_cipher_iv_length($method);
+        if ($ivsize === FALSE || $ivsize <= 0) {
+            throw new CannotPerformOperationException();
+        }
+        $iv = self::SecureRandom($ivsize);
+
+        $ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
+
+        // Generate a sub-key for authentication and apply the HMAC.
+        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
+        $auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
+        $ciphertext = $auth . $ciphertext;
+
+        return $ciphertext;
+    }
+
+    /*
+     * Decrypts a ciphertext.
+     * $ciphertext is the ciphertext to decrypt.
+     * $key is the key that the ciphertext was encrypted with.
+     * You MUST catch exceptions thrown by this function. See docs above.
+     */
+    public static function Decrypt($ciphertext, $key)
+    {
+        self::RuntimeTest();
+        
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
+        
+        self::EnsureFunctionExists('openssl_get_cipher_methods');
+        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
+            throw new CannotPerformOperationException("Cipher method not supported.");
+        }
+
+        // Extract the HMAC from the front of the ciphertext.
+        if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
+            throw new InvalidCiphertextException();
+        }
+        $hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
+        if ($hmac === FALSE) {
+            throw new CannotPerformOperationException();
+        }
+        $ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
+        if ($ciphertext === FALSE) {
+            throw new CannotPerformOperationException();
+        }
+
+        // Regenerate the same authentication sub-key.
+        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
+
+        if (self::VerifyHMAC($hmac, $ciphertext, $akey))
+        {
+            // Regenerate the same encryption sub-key.
+            $keysize = self::KEY_BYTE_SIZE;
+            $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
+
+            // Extract the initialization vector from the ciphertext.
+            self::EnsureFunctionExists("openssl_cipher_iv_length");
+            $ivsize = openssl_cipher_iv_length($method);
+            if ($ivsize === FALSE || $ivsize <= 0) {
+                throw new CannotPerformOperationException();
+            }
+            if (self::our_strlen($ciphertext) <= $ivsize) {
+                throw new InvalidCiphertextException();
+            }
+            $iv = self::our_substr($ciphertext, 0, $ivsize);
+            if ($iv === FALSE) {
+                throw new CannotPerformOperationException();
+            }
+            $ciphertext = self::our_substr($ciphertext, $ivsize);
+            if ($ciphertext === FALSE) {
+                throw new CannotPerformOperationException();
+            }
+            
+            $plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
+
+            return $plaintext;
+        }
+        else
+        {
+            /*
+             * We throw an exception instead of returning FALSE because we want
+             * a script that doesn't handle this condition to CRASH, instead
+             * of thinking the ciphertext decrypted to the value FALSE.
+             */
+             throw new InvalidCiphertextException();
+        }
+    }
+
+    /*
+     * Runs tests.
+     * Raises CannotPerformOperationException or CryptoTestFailedException if
+     * one of the tests fail. If any tests fails, your system is not capable of
+     * performing encryption, so make sure you fail safe in that case.
+     */
+    public static function RuntimeTest()
+    {
+        // 0: Tests haven't been run yet.
+        // 1: Tests have passed.
+        // 2: Tests are running right now.
+        // 3: Tests have failed.
+        static $test_state = 0;
+
+        if ($test_state === 1 || $test_state === 2) {
+            return;
+        }
+
+        try {
+            $test_state = 2;
+            self::AESTestVector();
+            self::HMACTestVector();
+            self::HKDFTestVector();
+
+            self::TestEncryptDecrypt();
+            if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
+                throw new CryptoTestFailedException();
+            }
+
+            if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
+                throw new CryptoTestFailedException();
+            }
+        } catch (CryptoTestFailedException $ex) {
+            // Do this, otherwise it will stay in the "tests are running" state.
+            $test_state = 3;
+            throw $ex;
+        }
+
+        // Change this to '0' make the tests always re-run (for benchmarking).
+        $test_state = 1;
+    }
+
+    /*
+     * Never call this method directly!
+     */
+    private static function PlainEncrypt($plaintext, $key, $iv)
+    {
+        
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
+        
+        self::EnsureConstantExists("OPENSSL_RAW_DATA");
+        self::EnsureFunctionExists("openssl_encrypt");
+        $ciphertext = openssl_encrypt(
+            $plaintext,
+            $method,
+            $key,
+            OPENSSL_RAW_DATA,
+            $iv
+        );
+        
+        if ($ciphertext === false) {
+            throw new CannotPerformOperationException();
+        }
+
+        return $ciphertext;
+    }
+
+    /*
+     * Never call this method directly!
+     */
+    private static function PlainDecrypt($ciphertext, $key, $iv)
+    {
+        
+        $method = self::CIPHER.'-'.self::CIPHER_MODE;
+        
+        self::EnsureConstantExists("OPENSSL_RAW_DATA");
+        self::EnsureFunctionExists("openssl_encrypt");
+        $plaintext = openssl_decrypt(
+            $ciphertext,
+            $method,
+            $key,
+            OPENSSL_RAW_DATA,
+            $iv
+        );
+        if ($plaintext === FALSE) {
+            throw new CannotPerformOperationException();
+        }
+        
+        return $plaintext;
+    }
+
+    /*
+     * Returns a random binary string of length $octets bytes.
+     */
+    private static function SecureRandom($octets)
+    {
+        self::EnsureFunctionExists("mcrypt_create_iv");
+        $random = mcrypt_create_iv($octets, MCRYPT_DEV_URANDOM);
+        if ($random === FALSE) {
+            throw new CannotPerformOperationException();
+        } else {
+            return $random;
+        }
+    }
+
+    /*
+     * Use HKDF to derive multiple keys from one.
+     * http://tools.ietf.org/html/rfc5869
+     */
+    private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
+    {
+        // Find the correct digest length as quickly as we can.
+        $digest_length = self::MAC_BYTE_SIZE;
+        if ($hash != self::HASH_FUNCTION) {
+            $digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
+        }
+
+        // Sanity-check the desired output length.
+        if (empty($length) || !is_int($length) ||
+            $length < 0 || $length > 255 * $digest_length) {
+            throw new CannotPerformOperationException();
+        }
+
+        // "if [salt] not provided, is set to a string of HashLen zeroes."
+        if (is_null($salt)) {
+            $salt = str_repeat("\x00", $digest_length);
+        }
+
+        // HKDF-Extract:
+        // PRK = HMAC-Hash(salt, IKM)
+        // The salt is the HMAC key.
+        $prk = hash_hmac($hash, $ikm, $salt, true);
+
+        // HKDF-Expand:
+
+        // This check is useless, but it serves as a reminder to the spec.
+        if (self::our_strlen($prk) < $digest_length) {
+            throw new CannotPerformOperationException();
+        }
+
+        // T(0) = ''
+        $t = '';
+        $last_block = '';
+        for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
+            // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
+            $last_block = hash_hmac(
+                $hash,
+                $last_block . $info . chr($block_index),
+                $prk,
+                true
+            );
+            // T = T(1) | T(2) | T(3) | ... | T(N)
+            $t .= $last_block;
+        }
+
+        // ORM = first L octets of T
+        $orm = self::our_substr($t, 0, $length);
+        if ($orm === FALSE) {
+            throw new CannotPerformOperationException();
+        }
+        return $orm;
+    }
+
+    private static function VerifyHMAC($correct_hmac, $message, $key)
+    {
+        $message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
+
+        // We can't just compare the strings with '==', since it would make
+        // timing attacks possible. We could use the XOR-OR constant-time
+        // comparison algorithm, but I'm not sure if that's good enough way up
+        // here in an interpreted language. So we use the method of HMACing the 
+        // strings we want to compare with a random key, then comparing those.
+
+        // NOTE: This leaks information when the strings are not the same
+        // length, but they should always be the same length here. Enforce it:
+        if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
+            throw new CannotPerformOperationException();
+        }
+
+        $blind = self::CreateNewRandomKey();
+        $message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
+        $correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
+        return $correct_compare === $message_compare;
+    }
+
+    private static function TestEncryptDecrypt()
+    {
+        $key = self::CreateNewRandomKey();
+        $data = "EnCrYpT EvErYThInG\x00\x00";
+
+        // Make sure encrypting then decrypting doesn't change the message.
+        $ciphertext = self::Encrypt($data, $key);
+        try {
+            $decrypted = self::Decrypt($ciphertext, $key);
+        } catch (InvalidCiphertextException $ex) {
+            // It's important to catch this and change it into a 
+            // CryptoTestFailedException, otherwise a test failure could trick
+            // the user into thinking it's just an invalid ciphertext!
+            throw new CryptoTestFailedException();
+        }
+        if($decrypted !== $data)
+        {
+            throw new CryptoTestFailedException();
+        }
+
+        // Modifying the ciphertext: Appending a string.
+        try {
+            self::Decrypt($ciphertext . "a", $key);
+            throw new CryptoTestFailedException();
+        } catch (InvalidCiphertextException $e) { /* expected */ }
+
+        // Modifying the ciphertext: Changing an IV byte.
+        try {
+            $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
+            self::Decrypt($ciphertext, $key);
+            throw new CryptoTestFailedException();
+        } catch (InvalidCiphertextException $e) { /* expected */ }
+
+        // Decrypting with the wrong key.
+        $key = self::CreateNewRandomKey();
+        $data = "abcdef";
+        $ciphertext = self::Encrypt($data, $key);
+        $wrong_key = self::CreateNewRandomKey();
+        try {
+            self::Decrypt($ciphertext, $wrong_key);
+            throw new CryptoTestFailedException();
+        } catch (InvalidCiphertextException $e) { /* expected */ }
+
+        // Ciphertext too small (shorter than HMAC).
+        $key = self::CreateNewRandomKey();
+        $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
+        try {
+            self::Decrypt($ciphertext, $key);
+            throw new CryptoTestFailedException();
+        } catch (InvalidCiphertextException $e) { /* expected */ }
+    }
+
+    private static function HKDFTestVector()
+    {
+        // HKDF test vectors from RFC 5869
+
+        // Test Case 1
+        $ikm = str_repeat("\x0b", 22);
+        $salt = self::hexToBytes("000102030405060708090a0b0c");
+        $info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
+        $length = 42;
+        $okm = self::hexToBytes(
+            "3cb25f25faacd57a90434f64d0362f2a" .
+            "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
+            "34007208d5b887185865"
+        );
+        $computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
+        if ($computed_okm !== $okm) {
+            throw new CryptoTestFailedException();
+        }
+
+        // Test Case 7
+        $ikm = str_repeat("\x0c", 22);
+        $length = 42;
+        $okm = self::hexToBytes(
+            "2c91117204d745f3500d636a62f64f0a" .
+            "b3bae548aa53d423b0d1f27ebba6f5e5" .
+            "673a081d70cce7acfc48"
+        );
+        $computed_okm = self::HKDF("sha1", $ikm, $length);
+        if ($computed_okm !== $okm) {
+            throw new CryptoTestFailedException();
+        }
+
+    }
+
+    private static function HMACTestVector()
+    {
+        // HMAC test vector From RFC 4231 (Test Case 1)
+        $key = str_repeat("\x0b", 20);
+        $data = "Hi There";
+        $correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
+        if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
+            throw new CryptoTestFailedException();
+        }
+    }
+
+    private static function AESTestVector()
+    {
+        // AES CBC mode test vector from NIST SP 800-38A
+        $key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
+        $iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
+        $plaintext = self::hexToBytes(
+            "6bc1bee22e409f96e93d7e117393172a" . 
+            "ae2d8a571e03ac9c9eb76fac45af8e51" .
+            "30c81c46a35ce411e5fbc1191a0a52ef" .
+            "f69f2445df4f9b17ad2b417be66c3710"
+        );
+        $ciphertext = self::hexToBytes(
+            "7649abac8119b246cee98e9b12e9197d" .
+            "5086cb9b507219ee95db113a917678b2" .
+            "73bed6b8e3c1743b7116e69e22229516" .
+            "3ff1caa1681fac09120eca307586e1a7" .
+            /* Block due to padding. Not from NIST test vector. 
+                Padding Block: 10101010101010101010101010101010
+                Ciphertext:    3ff1caa1681fac09120eca307586e1a7
+                           (+) 2fe1dab1780fbc19021eda206596f1b7 
+                           AES 8cb82807230e1321d3fae00d18cc2012
+             
+             */
+            "8cb82807230e1321d3fae00d18cc2012"
+        );
+
+        $computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
+        if ($computed_ciphertext !== $ciphertext) {
+            throw new CryptoTestFailedException();
+        }
+
+        $computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
+        if ($computed_plaintext !== $plaintext) {
+            throw new CryptoTestFailedException();
+        }
+    }
+
+    /* WARNING: Do not call this function on secrets. It creates side channels. */
+    private static function hexToBytes($hex_string)
+    {
+        return pack("H*", $hex_string);
+    }
+
+    private static function EnsureConstantExists($name)
+    {
+        if (!defined($name)) {
+            throw new CannotPerformOperationException();
+        }
+    }
+    
+    private static function EnsureFunctionExists($name)
+    {
+        if (!function_exists($name)) {
+            throw new CannotPerformOperationException();
+        }
+    }
+
+    /*
+     * We need these strlen() and substr() functions because when
+     * 'mbstring.func_overload' is set in php.ini, the standard strlen() and
+     * substr() are replaced by mb_strlen() and mb_substr().
+     */
+
+    private static function our_strlen($str)
+    {
+        if (function_exists('mb_strlen')) {
+            $length = mb_strlen($str, '8bit');
+            if ($length === FALSE) {
+                throw new CannotPerformOperationException();
+            }
+            return $length;
+        } else {
+            return strlen($str);
+        }
+    }
+
+    private static function our_substr($str, $start, $length = NULL)
+    {
+        if (function_exists('mb_substr'))
+        {
+            // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
+            // 5.3, so we have to find the length ourselves.
+            if (!isset($length)) {
+                if ($start >= 0) {
+                    $length = self::our_strlen($str) - $start;
+                } else {
+                    $length = -$start;
+                }
+            }
+
+            return mb_substr($str, $start, $length, '8bit');
+        }
+
+        // Unlike mb_substr(), substr() doesn't accept NULL for length
+        if (isset($length)) {
+            return substr($str, $start, $length);
+        } else {
+            return substr($str, $start);
+        }
+    }
+
+}
+
+/*
+ * We want to catch all uncaught exceptions that come from the Crypto class,
+ * since by default, PHP will leak the key in the stack trace from an uncaught
+ * exception. This is a really ugly hack, but I think it's justified.
+ *
+ * Everything up to handler() getting called should be reliable, so this should
+ * reliably suppress the stack traces. The rest is just a bonus so that we don't
+ * make it impossible to debug other exceptions.
+ *
+ * This bit of code was adapted from: http://stackoverflow.com/a/7939492
+ */
+
+class CryptoExceptionHandler
+{
+    private $rethrow = NULL;
+
+    public function __construct()
+    {
+        set_exception_handler(array($this, "handler"));
+    }
+
+    public function handler($ex)
+    {
+        if (
+            $ex instanceof InvalidCiphertextException ||
+            $ex instanceof CannotPerformOperationException ||
+            $ex instanceof CryptoTestFailedException
+        ) {
+            echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
+        } else {
+            /* Re-throw the exception in the destructor. */
+            $this->rethrow = $ex;
+        }
+    }
+
+    public function __destruct() {
+        if ($this->rethrow) {
+            throw $this->rethrow;
+        }
+    }
+}
+
+$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();
+
diff --git a/library/defuse/php-encryption-1.2.1/README.md b/library/defuse/php-encryption-1.2.1/README.md
new file mode 100644 (file)
index 0000000..292ecf9
--- /dev/null
@@ -0,0 +1,79 @@
+php-encryption
+===============
+
+This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
+
+[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
+
+Implementation
+--------------
+
+Messages are encrypted with AES-128 in CBC mode and are authenticated with
+HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
+a multiple of the block size. HKDF is used to split the user-provided key into
+two keys: one for encryption, and the other for authentication. It is
+implemented using the `openssl_` and `hash_hmac` functions.
+
+Warning
+--------
+
+This is new code, and it hasn't received much review by experts. I have spent
+many hours making it as secure as possible (extensive runtime tests, secure
+coding practices), and auditing it for problems, but I may have missed some
+issues. So be careful. Don't trust it with your life. Check out the open GitHub
+issues for a list of known issues. If you find a problem with this library,
+please report it by opening a GitHub issue.
+
+That said, you're probably much better off using this library than any other
+encryption library written in PHP. 
+
+Philosophy
+-----------
+
+This library was created after noticing how much insecure PHP encryption code
+there is. I once did a Google search for "php encryption" and found insecure
+code or advice on 9 of the top 10 results.
+
+Encryption is becoming an essential component of modern websites. This library
+aims to fulfil a subset of that need: Authenticated symmetric encryption of
+short strings, given a random key.
+
+This library is developed around several core values:
+
+- Rule #1: Security is prioritized over everything else.
+
+    > Whenever there is a conflict between security and some other property,
+    > security will be favored. For example, the library has runtime tests,
+    > which make it slower, but will hopefully stop it from encrypting stuff
+    > if the platform it's running on is broken.
+
+- Rule #2: It should be difficult to misuse the library.
+
+    > We assume the developers using this library have no experience with
+    > cryptography. We only assume that they know that the "key" is something
+    > you need to encrypt and decrypt the messages, and that it must be
+    > protected. Whenever possible, the library should refuse to encrypt or
+    > decrypt messages when it is not being used correctly.
+
+- Rule #3: The library aims only to be compatible with itself.
+
+    > Other PHP encryption libraries try to support every possible type of
+    > encryption, even the insecure ones (e.g. ECB mode). Because there are so
+    > many options, inexperienced developers must make decisions between
+    > things like "CBC" mode and "ECB" mode, knowing nothing about either one,
+    > which inevitably creates vulnerabilities.
+
+    > This library will only support one secure mode. A developer using this
+    > library will call "encrypt" and "decrypt" not caring about how they are
+    > implemented.
+
+- Rule #4: The library should consist of a single PHP file and nothing more.
+
+    > Some PHP encryption libraries, like libsodium-php [1], are not
+    > straightforward to install and cannot packaged with "just download and
+    > extract" applications. This library will always be just one PHP file
+    > that you can put in your source tree and require().
+
+References:
+
+    [1] https://github.com/jedisct1/libsodium-php
diff --git a/library/defuse/php-encryption-1.2.1/benchmark.php b/library/defuse/php-encryption-1.2.1/benchmark.php
new file mode 100644 (file)
index 0000000..3da61a6
--- /dev/null
@@ -0,0 +1,42 @@
+<?php
+
+require_once('Crypto.php');
+
+// Note: By default, the runtime tests are "cached" and not re-executed for
+// every call. To disable this, look at the RuntimeTest() function.
+
+$start = microtime(true);
+for ($i = 0; $i < 1000; $i++) {
+    $key = Crypto::CreateNewRandomKey();
+}
+$end = microtime(true);
+showResults("CreateNewRandomKey()", $start, $end, 1000);
+
+$start = microtime(true);
+for ($i = 0; $i < 100; $i++) {
+    $ciphertext = Crypto::Encrypt(
+        str_repeat("A", 1024*1024), 
+        str_repeat("B", 16)
+    );
+}
+$end = microtime(true);
+showResults("Encrypt(1MB)", $start, $end, 100);
+
+$start = microtime(true);
+for ($i = 0; $i < 1000; $i++) {
+    $ciphertext = Crypto::Encrypt(
+        str_repeat("A", 1024), 
+        str_repeat("B", 16)
+    );
+}
+$end = microtime(true);
+showResults("Encrypt(1KB)", $start, $end, 1000);
+
+function showResults($type, $start, $end, $count)
+{
+    $time = $end - $start;
+    $rate = $count / $time;
+    echo "$type: $rate calls/s\n";
+}
+
+?>
diff --git a/library/defuse/php-encryption-1.2.1/composer.json b/library/defuse/php-encryption-1.2.1/composer.json
new file mode 100644 (file)
index 0000000..6856b9c
--- /dev/null
@@ -0,0 +1,20 @@
+{
+    "name": "defuse/php-encryption",
+    "description": "Secure PHP Encryption Library",
+    "license": "MIT",
+    "keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
+    "authors": [
+        {
+            "name": "Taylor Hornby",
+            "email": "havoc@defuse.ca"
+        }
+    ],
+    "autoload": {
+        "files": ["Crypto.php"]
+    },
+    "require": {
+        "php":  ">=5.4.0",
+        "ext-openssl": "*",
+        "ext-mcrypt":  "*"
+    }
+}
diff --git a/library/defuse/php-encryption-1.2.1/example.php b/library/defuse/php-encryption-1.2.1/example.php
new file mode 100644 (file)
index 0000000..10e73f9
--- /dev/null
@@ -0,0 +1,36 @@
+<?php
+require_once('Crypto.php');
+  try {
+      $key = Crypto::CreateNewRandomKey();
+      // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
+      // they may leak the key to the attacker through side channels.
+  } catch (CryptoTestFailedException $ex) {
+      die('Cannot safely create a key');
+  } catch (CannotPerformOperationException $ex) {
+      die('Cannot safely create a key');
+  }
+
+  $message = "ATTACK AT DAWN";
+  try {
+      $ciphertext = Crypto::Encrypt($message, $key);
+  } catch (CryptoTestFailedException $ex) {
+      die('Cannot safely perform encryption');
+  } catch (CannotPerformOperationException $ex) {
+      die('Cannot safely perform decryption');
+  }
+
+  try {
+      $decrypted = Crypto::Decrypt($ciphertext, $key);
+  } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
+      // Either:
+      //   1. The ciphertext was modified by the attacker,
+      //   2. The key is wrong, or
+      //   3. $ciphertext is not a valid ciphertext or was corrupted.
+      // Assume the worst.
+      die('DANGER! DANGER! The ciphertext has been tampered with!');
+  } catch (CryptoTestFailedException $ex) {
+      die('Cannot safely perform encryption');
+  } catch (CannotPerformOperationException $ex) {
+      die('Cannot safely perform decryption');
+  }
+?>
diff --git a/library/defuse/php-encryption-1.2.1/test.sh b/library/defuse/php-encryption-1.2.1/test.sh
new file mode 100644 (file)
index 0000000..d1691e7
--- /dev/null
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+echo "Normal"
+echo "--------------------------------------------------"
+php -d mbstring.func_overload=0 tests/runtime.php
+if [ $? -ne 0 ]; then
+    echo "FAIL."
+    exit 1
+fi
+echo "--------------------------------------------------"
+
+echo ""
+
+echo "Multibyte"
+echo "--------------------------------------------------"
+php -d mbstring.func_overload=7 tests/runtime.php
+if [ $? -ne 0 ]; then
+    echo "FAIL."
+    exit 1
+fi
+echo "--------------------------------------------------"
+
+echo ""
+
+if [ -z "$(php Crypto.php)" ]; then
+    echo "PASS: Crypto.php output is empty."
+else
+    echo "FAIL: Crypto.php output is not empty."
+    exit 1
+fi
diff --git a/library/defuse/php-encryption-1.2.1/tests/runtime.php b/library/defuse/php-encryption-1.2.1/tests/runtime.php
new file mode 100644 (file)
index 0000000..76565c5
--- /dev/null
@@ -0,0 +1,32 @@
+<?php
+
+// Set the encoding to something more "challenging."
+$ret = mb_internal_encoding('UTF-8');
+if ($ret === FALSE) {
+    echo "Couldn't set encoding.";
+    exit(1);
+}
+
+// Dump out the settings / encoding for future reference.
+$val = ini_get("mbstring.func_overload");
+echo "Settings: \n";
+echo "    func_overload: " . $val . "\n";
+echo "    mb_internal_encoding(): " . mb_internal_encoding() . "\n";
+
+// Perform the tests.
+require_once('Crypto.php');
+try {
+    Crypto::RuntimeTest();
+    echo "TEST PASSED!\n";
+    exit(0);
+} catch (CryptoTestFailedException $ex) {
+    echo "TEST FAILED!\n";
+    var_dump($ex);
+    exit(1);
+} catch (CannotPerformOperationException $ex) {
+    echo "TEST FAILED\n";
+    var_dump($ex);
+    exit(1);
+}
+
+?>
index abdf7162dfec79afa7b678369e97672adc8f1937..28a7a91e4be2eb14445147c5ca68355f4e07ab5d 100644 (file)
@@ -379,7 +379,9 @@ function admin_page_site_post(&$a){
        $proxy_disabled         =       ((x($_POST,'proxy_disabled'))           ? True                                          : False);
        $old_pager              =       ((x($_POST,'old_pager'))                ? True                                          : False);
        $only_tag_search        =       ((x($_POST,'only_tag_search'))          ? True                                          : False);
-
+       $rino                   =       ((x($_POST,'rino'))                             ? intval($_POST['rino'])                                : 0);
+       
+       
        if($ssl_policy != intval(get_config('system','ssl_policy'))) {
                if($ssl_policy == SSL_POLICY_FULL) {
                        q("update `contact` set
@@ -432,6 +434,7 @@ function admin_page_site_post(&$a){
        set_config('system','suppress_tags',$suppress_tags);
        set_config('system','shortcut_icon',$shortcut_icon);
        set_config('system','touch_icon',$touch_icon);
+       
        if ($banner==""){
                // don't know why, but del_config doesn't work...
                q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
@@ -515,6 +518,9 @@ function admin_page_site_post(&$a){
        set_config('system','old_pager', $old_pager);
        set_config('system','only_tag_search', $only_tag_search);
 
+       set_config('system','rino_encrypt', $rino);
+       
+       
        info( t('Site settings updated.') . EOL);
        goaway($a->get_baseurl(true) . '/admin/site' );
        return; // NOTREACHED
@@ -695,7 +701,10 @@ function admin_page_site(&$a) {
                '$only_tag_search'      => array('only_tag_search', t("Only search in tags"), get_config('system','only_tag_search'), t("On large systems the text search can slow down the system extremely.")),
 
                '$relocate_url'     => array('relocate_url', t("New base url"), $a->get_baseurl(), "Change base url for this server. Sends relocate message to all DFRN contacts of all users."),
-       '$form_security_token' => get_form_security_token("admin_site")
+               
+               '$rino'                 => array('rino', t("RINO Encryption"), intval(get_config('system','rino_encrypt')), t("Encryption layer between nodes."), array("Disabled", "RINO1 (deprecated)", "RINO2")),
+               
+               '$form_security_token' => get_form_security_token("admin_site")
 
        ));
 
index 43414dc87c5bf8e350c972c323fd82c0b01be747..874f17c77202a97b25c084603dd3b2c5f5aaf8e5 100644 (file)
@@ -4,6 +4,7 @@ require_once('library/simplepie/simplepie.inc');
 require_once('include/items.php');
 require_once('include/event.php');
 
+require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
 
 function dfrn_notify_post(&$a) {
     logger(__function__, LOGGER_TRACE);
@@ -12,6 +13,7 @@ function dfrn_notify_post(&$a) {
        $challenge    = ((x($_POST,'challenge'))    ? notags(trim($_POST['challenge'])) : '');
        $data         = ((x($_POST,'data'))         ? $_POST['data']                    : '');
        $key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
+       $rino_remote  = ((x($_POST,'rino'))         ? intval($_POST['rino'])            :  0);
        $dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
        $perm         = ((x($_POST,'perm'))         ? notags(trim($_POST['perm']))      : 'r');
        $ssl_policy   = ((x($_POST,'ssl_policy'))   ? notags(trim($_POST['ssl_policy'])): 'none');
@@ -130,8 +132,16 @@ function dfrn_notify_post(&$a) {
        if($importer['page-flags'] == PAGE_SOAPBOX)
                xml_status(0);
 
-
+       
        if(strlen($key)) {
+               
+               // if local rino is lower than remote rino, abort: should not happen!
+               // but only for $remote_rino > 1, because old code did't send rino version
+               if ($rino_remote_version > 1 && $rino < $rino_remote) {
+                       logger("rino version '$rino_remote' is lower than supported '$rino'");
+                       xml_status(0,"rino version '$rino_remote' is lower than supported '$rino'");
+               }
+               
                $rawkey = hex2bin(trim($key));
                logger('rino: md5 raw key: ' . md5($rawkey));
                $final_key = '';
@@ -153,12 +163,43 @@ function dfrn_notify_post(&$a) {
                        }
                }
 
-               logger('rino: received key : ' . $final_key);
-               $data = aes_decrypt(hex2bin($data),$final_key);
+               #logger('rino: received key : ' . $final_key);
+               
+               switch($rino_remote) {
+                       case 0:
+                       case 1:
+                               // we got a key. old code send only the key, without RINO version.
+                               // we assume RINO 1 if key and no RINO version
+                               $data = aes_decrypt(hex2bin($data),$final_key);
+                               break;
+                       case 2:
+                               try {
+                                       $data = Crypto::decrypt(hex2bin($data),$final_key);
+                               } catch (InvalidCiphertext $ex) { // VERY IMPORTANT
+                                       // Either:
+                                       //   1. The ciphertext was modified by the attacker,
+                                       //   2. The key is wrong, or
+                                       //   3. $ciphertext is not a valid ciphertext or was corrupted.
+                                       // Assume the worst.
+                                       logger('The ciphertext has been tampered with!');
+                                       xml_status(0,'The ciphertext has been tampered with!');
+                               } catch (Ex\CryptoTestFailed $ex) {
+                                       logger('Cannot safely perform dencryption');
+                                       xml_status(0,'CryptoTestFailed');
+                               } catch (Ex\CannotPerformOperation $ex) {
+                                       logger('Cannot safely perform decryption');
+                                       xml_status(0,'Cannot safely perform decryption');
+                               }
+                               break;
+                       default:
+                               logger("rino: invalid sent verision '$rino_remote'");
+                               xml_status(0);
+               }
+               
+               
                logger('rino: decrypted data: ' . $data, LOGGER_DATA);
        }
 
-
        $ret = local_delivery($importer,$data);
        xml_status($ret);
 
@@ -175,6 +216,7 @@ function dfrn_notify_content(&$a) {
 
                $dfrn_id = notags(trim($_GET['dfrn_id']));
                $dfrn_version = (float) $_GET['dfrn_version'];
+               $rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
                $type = "";
                $last_update = "";
 
@@ -253,13 +295,14 @@ function dfrn_notify_content(&$a) {
                $challenge    = bin2hex($challenge);
                $encrypted_id = bin2hex($encrypted_id);
 
-               $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
-
-               $rino_enable = get_config('system','rino_encrypt');
-
-               if(! $rino_enable)
-                       $rino = 0;
-
+               
+               $rino = get_config('system','rino_encrypt');
+               $rino = intval($rino);
+               
+               // if requested rino is lower than enabled local rino, lower local rino version
+               // if requested rino is higher than enabled local rino, reply with local rino
+               if ($rino_remote < $rino) $rino = $rino_remote;
+               
                if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
                        $perm = 'rw';
                }
index bcaed585c21216434d6bda92c22b50e3f8cd2cb7..34c590b2ea0eb655016b4a01b1b078442903ec77 100644 (file)
@@ -99,6 +99,7 @@
        <div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
        
        <h3>{{$advanced}}</h3>
+    {{include file="field_select.tpl" field=$rino}}
        {{include file="field_checkbox.tpl" field=$no_utf}}
        {{include file="field_checkbox.tpl" field=$verifyssl}}
        {{include file="field_input.tpl" field=$proxy}}