From acd65aade17c2e8db1dcb012b6d14a732bc87244 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Thu, 9 Nov 2017 02:21:37 -0500
Subject: [PATCH] Switch to new php-encryption library version - Remove references to library/ files - Add namespace to library classes
---
 include/items.php | 3 ---
 mod/dfrn_notify.php | 15 +++++----------
 src/Protocol/DFRN.php | 16 +++++-----------
 3 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/include/items.php b/include/items.php
index 64aeabceab..6d4d30e7cb 100644
--- a/include/items.php
+++ b/include/items.php
@@ -33,9 +33,6 @@ require_once 'mod/share.php';
 require_once 'include/enotify.php';
 require_once 'include/group.php';

-/// @TODO one day with composer autoloader no more needed
-require_once 'library/defuse/php-encryption-1.2.1/Crypto.php';
-
 function construct_verb($item) {
 if ($item['verb']) {
 return $item['verb'];
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index e0e30a2488..c8dc093d17 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -11,10 +11,8 @@ use Friendica\Core\Config;
 use Friendica\Database\DBM;
 use Friendica\Protocol\DFRN;

-require_once('include/items.php');
-require_once('include/event.php');
-
-require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
+require_once 'include/items.php';
+require_once 'include/event.php';

 function dfrn_notify_post(App $a) {
 logger(__function__, LOGGER_TRACE);
@@ -185,8 +183,8 @@ function dfrn_notify_post(App $a) {
 break;
 case 2:
 try {
- $data = Crypto::decrypt(hex2bin($data), $final_key);
- } catch (InvalidCiphertext $ex) { // VERY IMPORTANT
+ $data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $final_key);
+ } catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 /*
 * Either:
 * 1. The ciphertext was modified by the attacker,
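Review bot: `$final_key` is passed unchanged to `\Defuse\Crypto\Crypto::decrypt()` in the `@@ -185,8 +183,8 @@` hunk, but in php-encryption 2.x the second parameter is type-hinted as a `\Defuse\Crypto\Key` object. If `$final_key` is still the raw key string computed earlier in dfrn_notify_post (outside this hunk), the call raises a `TypeError` that neither catch branch handles. The same type change applies on the sending side in the src/Protocol/DFRN.php hunk, where `Key::createNewRandomKey()` now returns an object rather than a string. Because this endpoint processes data supplied by a remote server, the key should be converted explicitly and a malformed key rejected in its own branch, e.g. `$key = \Defuse\Crypto\Key::loadFromAsciiSafeString($final_key);` guarded by `catch (\Defuse\Crypto\Exception\BadFormatException $ex)`, assuming the sender transmits `saveToAsciiSafeString()` output.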
@@ -196,12 +194,9 @@ function dfrn_notify_post(App $a) {
 */
 logger('The ciphertext has been tampered with!');
 xml_status(0, 'The ciphertext has been tampered with!');
- } catch (Ex\CryptoTestFailed $ex) {
+ } catch (\Defuse\Crypto\Exception\EnvironmentIsBrokenException $ex) {
 logger('Cannot safely perform dencryption');
 xml_status(0, 'CryptoTestFailed');
- } catch (Ex\CannotPerformOperation $ex) {
- logger('Cannot safely perform decryption');
- xml_status(0, 'Cannot safely perform decryption');
 }
 break;
 default:
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index f400d033ea..6ba8ed7d10 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -1296,26 +1296,20 @@ class DFRN
 case 2:
 // RINO 2 based on php-encryption
 try {
- $key = Crypto::createNewRandomKey();
- } catch (CryptoTestFailed $ex) {
+ $key = \Defuse\Crypto\Key::createNewRandomKey();
+ } catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 logger('Cannot safely create a key');
 return -4;
- } catch (CannotPerformOperation $ex) {
- logger('Cannot safely create a key');
- return -5;
 }
 try {
- $data = Crypto::encrypt($postvars['data'], $key);
- } catch (CryptoTestFailed $ex) {
+ $data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $key);
+ } catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 logger('Cannot safely perform encryption');
 return -6;
- } catch (CannotPerformOperation $ex) {
- logger('Cannot safely perform encryption');
- return -7;
 }
 break;
 default:
- logger("rino: invalid requested verision '$rino_remote_version'");
+ logger("rino: invalid requested version '$rino_remote_version'");
 return -8;
 }

-- 
2.39.5
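Review bot: The surviving `EnvironmentIsBrokenException` branch still logs the misspelled 'Cannot safely perform dencryption' and returns the status text 'CryptoTestFailed', which names an exception class that no longer exists and now also stands for the removed CannotPerformOperation case. The wording of the deleted branch, `logger('Cannot safely perform decryption');` with the same text in the `xml_status()` call, would describe both conditions. Both failure branches also pass `0` to `xml_status()` and contain no return or exit of their own, so if `xml_status()` does not end the request (its definition is not visible here), execution reaches `break` with `$data` still holding the undecrypted input. A comment such as `// xml_status() terminates the request; $data is never used after a failed decrypt` would make that assumption explicit, and it is worth confirming that the peer does not read status 0 as success.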
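Review bot: `\Defuse\Crypto\Crypto::encrypt($postvars['data'], $key)` is called without the third `$raw_binary` argument, and in php-encryption 2.x that default makes `encrypt()` return a hex-encoded string where 1.2.1 returned raw bytes. If the code after this hunk (not visible) still hex-encodes `$data` before posting, the payload is encoded twice and peers still running the old library will fail to decrypt it. The receiving call `decrypt(hex2bin($data), $final_key)` in mod/dfrn_notify.php has the mirror problem, since with the default flag a non-hex input surfaces as WrongKeyOrModifiedCiphertextException and is logged as tampering. Passing the flag explicitly keeps the wire format stable: `$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $key, true);` with the matching `true` on the decrypt call. The enclosing method starts and ends outside the hunk.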