From: Hypolite Petovan Date: Fri, 19 Jan 2018 01:15:26 +0000 (-0500) Subject: Add RINO version 3 encrypt/decrypt X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=7af6cc8454cb7756f095453e36771f554c19244b;p=friendica.git Add RINO version 3 encrypt/decrypt - Add legacy decrypt of RINO2 - Add fallback to RINO1 to encrypt --- diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index b81f26db9d..0d7e4bc7ef 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,6 +6,10 @@ * @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf */ +use Defuse\Crypto\Crypto; +use Defuse\Crypto\Exception\EnvironmentIsBrokenException; +use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException; +use Defuse\Crypto\Key; use Friendica\App; use Friendica\Core\Config; use Friendica\Database\DBM; @@ -179,8 +183,8 @@ function dfrn_notify_post(App $a) { break; case 2: try { - $data = \Crypto::decrypt(hex2bin($data), $final_key); - } catch (\InvalidCiphertextException $ex) { // VERY IMPORTANT + $data = Crypto::legacyDecrypt(hex2bin($data), $final_key); + } catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT /* * Either: * 1. The ciphertext was modified by the attacker, @@ -190,12 +194,28 @@ function dfrn_notify_post(App $a) { */ logger('The ciphertext has been tampered with!'); xml_status(0, 'The ciphertext has been tampered with!'); - } catch (\CryptoTestFailedException $ex) { - logger('Cannot safely perform dencryption'); - xml_status(0, 'CryptoTestFailed'); - } catch (\CannotPerformOperationException $ex) { + } catch (EnvironmentIsBrokenException $ex) { logger('Cannot safely perform decryption'); - xml_status(0, 'Cannot safely perform decryption'); + xml_status(0, 'Environment is broken'); + } + break; + case 3: + $KeyObject = Key::loadFromAsciiSafeString($final_key); + try { + $data = Crypto::decrypt(hex2bin($data), $KeyObject); + } catch (WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT + /* + * Either: + * 1. The ciphertext was modified by the attacker, + * 2. The key is wrong, or + * 3. $ciphertext is not a valid ciphertext or was corrupted. + * Assume the worst. + */ + logger('The ciphertext has been tampered with!'); + xml_status(0, 'The ciphertext has been tampered with!'); + } catch (EnvironmentIsBrokenException $ex) { + logger('Cannot safely perform decryption'); + xml_status(0, 'Environment is broken'); } break; default: diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index c05b5b3d63..bfe2fafaa8 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -8,6 +8,9 @@ */ namespace Friendica\Protocol; +use Defuse\Crypto\Crypto; +use Defuse\Crypto\Exception\EnvironmentIsBrokenException; +use Defuse\Crypto\Key; use Friendica\App; use Friendica\Content\OEmbed; use Friendica\Core\Config; @@ -22,11 +25,14 @@ use Friendica\Model\Term; use Friendica\Model\User; use Friendica\Object\Image; use Friendica\Protocol\OStatus; +use Friendica\Util\Crypto as FriendicaCrypto; use Friendica\Util\XML; use dba; use DOMDocument; use DOMXPath; +use HTMLPurifier; +use HTMLPurifier_Config; require_once 'boot.php'; require_once 'include/dba.php'; @@ -465,7 +471,7 @@ class DFRN /* get site pubkey. this could be a new installation with no site keys*/ $pubkey = Config::get('system', 'site_pubkey'); if (! $pubkey) { - $res = Crypto::newKeypair(1024); + $res = FriendicaCrypto::newKeypair(1024); Config::set('system', 'site_prvkey', $res['prvkey']); Config::set('system', 'site_pubkey', $res['pubkey']); } @@ -1291,30 +1297,29 @@ class DFRN switch ($rino_remote_version) { case 1: + case 2: + $rino = 1; + $rino_remote_version = 1; // Deprecated rino version! $key = openssl_random_pseudo_bytes(16); $data = self::aesEncrypt($postvars['data'], $key); break; - case 2: - // RINO 2 based on php-encryption + case 3: try { - $key = \Crypto::CreateNewRandomKey(); - } catch (\CryptoTestFailedException $ex) { + $KeyObject = Key::createNewRandomKey(); + } catch (EnvironmentIsBrokenException $ex) { logger('Cannot safely create a key'); return -4; - } catch (\CannotPerformOperationException $ex) { - logger('Cannot safely create a key'); - return -5; } + try { - $data = \Crypto::Encrypt($postvars['data'], $key); - } catch (\CryptoTestFailedException $ex) { + $data = Crypto::encrypt($postvars['data'], $key); + } catch (EnvironmentIsBrokenException $ex) { logger('Cannot safely perform encryption'); return -6; - } catch (\CannotPerformOperationException $ex) { - logger('Cannot safely perform encryption'); - return -7; } + + $key = $KeyObject->saveToAsciiSafeString(); break; default: logger("rino: invalid requested version '$rino_remote_version'"); @@ -2489,13 +2494,13 @@ class DFRN $item['body'] = OEmbed::HTML2BBCode($item['body']); - $config = \HTMLPurifier_Config::createDefault(); + $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. - $purifier = new \HTMLPurifier($config); + $purifier = new HTMLPurifier($config); $item['body'] = $purifier->purify($item['body']); $item['body'] = @html2bbcode($item['body']);