From 54c8fb2bb80dfd8e73095b0b983ac2c9bccb86cc Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 30 Mar 2017 18:29:12 +0000 Subject: [PATCH 1/4] Replaces mcrypt with phpsec. --- include/diaspora.php | 81 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 66 insertions(+), 15 deletions(-) diff --git a/include/diaspora.php b/include/diaspora.php index 841ba7e7ff..3250fb3da5 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -10,17 +10,18 @@ use \Friendica\Core\Config; -require_once("include/items.php"); -require_once("include/bb2diaspora.php"); -require_once("include/Scrape.php"); -require_once("include/Contact.php"); -require_once("include/Photo.php"); -require_once("include/socgraph.php"); -require_once("include/group.php"); -require_once("include/xml.php"); -require_once("include/datetime.php"); -require_once("include/queue_fn.php"); -require_once("include/cache.php"); +require_once 'include/items.php'; +require_once 'include/bb2diaspora.php'; +require_once 'include/Scrape.php'; +require_once 'include/Contact.php'; +require_once 'include/Photo.php'; +require_once 'include/socgraph.php'; +require_once 'include/group.php'; +require_once 'include/xml.php'; +require_once 'include/datetime.php'; +require_once 'include/queue_fn.php'; +require_once 'include/cache.php'; +require_once 'library/phpsec/Crypt/AES.php'; /** * @brief This class contain functions to create and send Diaspora XML files 
@@ -160,6 +161,56 @@ class Diaspora { return $data; } + /** + * @brief encrypts data via AES + * + * @param string $key The AES key + * @param string $iv The IV (is used for CBC encoding) + * @param string $data The data that is to be encrypted + * + * @return string encrypted data + */ + private static function aes_encrypt($key, $iv, $data) { + $aes = new Crypt_AES(); + + $block_length = 128; + + $aes->setKey($key); + $aes->setIV($iv); + $aes->disablePadding(); + $aes->setBlockLength($block_length); + + $extra = strlen($data) % $block_length; + + if ($extra) { + $data .= str_repeat("\0", $block_length - $extra); + } + + return $aes->encrypt($data); + } + + /** + * @brief decrypts data via AES + * + * @param string $key The AES key + * @param string $iv The IV (is used for CBC encoding) + * @param string $encrypted The encrypted data + * + * @return string decrypted data + */ + private static function aes_decrypt($key, $iv, $encrypted) { + $aes = new Crypt_AES(); + + $block_length = 128; + + $aes->setKey($key); + $aes->setIV($iv); + $aes->disablePadding(); + $aes->setBlockLength($block_length); + + return $aes->decrypt($encrypted); + } + /** * @brief: Decodes incoming Diaspora message * @@ -199,7 +250,7 @@ class Diaspora { $outer_iv = base64_decode($j_outer_key_bundle->iv); $outer_key = base64_decode($j_outer_key_bundle->key); - $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + $decrypted = self::aes_decrypt($outer_key, $outer_iv, $ciphertext); $decrypted = pkcs5_unpad($decrypted); @@ -261,7 +312,7 @@ class Diaspora { // Decode the encrypted blob $inner_encrypted = base64_decode($data); - $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + $inner_decrypted = self::aes_decrypt($inner_aes_key, $inner_iv, $inner_encrypted); $inner_decrypted = pkcs5_unpad($inner_decrypted); } 
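Review bot: In the added `aes_encrypt` (PATCH 1/4, hunk `@@ -160,6 +161,56`), `$block_length = 128` is a size in bits, but `strlen($data) % $block_length` compares it with a length in bytes, so input is zero-filled to a multiple of 128 bytes instead of the 16-byte AES block. The send-path callers shown later in this patch already apply `pkcs5_pad($msg,16)`, so the NUL bytes would land after the PKCS#5 padding and a receiver's `pkcs5_unpad` would most likely fail to strip it. If manual padding stays, use a byte count for the modulus, e.g. `$block_bytes = 16;`, or drop `disablePadding()` and let the library pad. PATCH 3/4 further down removes this body, so this matters only if PATCH 1/4 is applied or bisected on its own.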
@@ -2631,7 +2682,7 @@ class Diaspora { $handle = self::my_handle($user); $padded_data = pkcs5_pad($msg,16); - $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); + $inner_encrypted = self::aes_decrypt($inner_aes_key, $inner_iv, $padded_data); $b64_data = base64_encode($inner_encrypted); @@ -2655,7 +2706,7 @@ class Diaspora { $decrypted_header = xml::from_array($xmldata, $xml, true); $decrypted_header = pkcs5_pad($decrypted_header,16); - $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); + $ciphertext = self::aes_decrypt($outer_aes_key, $outer_iv, $decrypted_header); $outer_json = json_encode(array("iv" => $b_outer_iv, "key" => $b_outer_aes_key)); From 973fcd36249ac1670e2df2e44e71088830bea4c2 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 30 Mar 2017 23:21:52 +0000 Subject: [PATCH 2/4] Test with OpenSSL --- include/diaspora.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/diaspora.php b/include/diaspora.php index 3250fb3da5..29278349f1 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -171,6 +171,8 @@ class Diaspora { * @return string encrypted data */ private static function aes_encrypt($key, $iv, $data) { + return openssl_encrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0")); + $aes = new Crypt_AES(); $block_length = 128; @@ -199,6 +201,8 @@ class Diaspora { * @return string decrypted data */ private static function aes_decrypt($key, $iv, $encrypted) { + return openssl_decrypt($encrypted,'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA,str_pad($iv, 16, "\0")); + $aes = new Crypt_AES(); $block_length = 128; From 156053462162d243dcdcddedf87723eda9d0ffb3 Mon Sep 17 00:00:00 2001 
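Review bot: `str_pad($key, 32, "\0")` in `aes_encrypt` (PATCH 2/4, `@@ -171,6 +171,8`, and the same expression in `aes_decrypt` in the next hunk) silently stretches any key shorter than 32 bytes into a 256-bit key whose tail is all zero bytes, and `str_pad($iv, 16, "\0")` does the same for a short IV. The mcrypt call being replaced selected the AES variant from the key length, so a 16- or 24-byte key now produces different ciphertext and carries less key material than `aes-256-cbc` implies. Rejecting a bad length is safer than padding it, e.g. `if (strlen($key) !== 32 || strlen($iv) !== 16) { return false; }`, assuming every peer really uses 32-byte keys, which the patch does not show. Both function bodies continue below the hunk with the phpsec code that the early `return` makes unreachable.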
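Review bot: `openssl_decrypt()` returns `false` when the key is wrong or the padding does not verify, but `aes_decrypt` (PATCH 2/4, `@@ -199,6 +201,8`) passes that straight through while its docblock still promises `@return string`. The decode path visible elsewhere in this series uses the result unchecked (`logger('decrypted: '.$decrypted, LOGGER_DEBUG);` then `parse_xml_string($decrypted,false)`), so a forged or corrupted envelope reaches the logger and the XML parser as `false` instead of being rejected at the decryption step. Document the return as `string|false` and have the callers test `if ($decrypted === false)` before parsing. `openssl_encrypt()` in `aes_encrypt` has the same failure value, which `base64_encode($inner_encrypted)` on the send path would turn into an empty payload. Since CBC here has no integrity check, every decryption failure should end in the same response, so that a padding error cannot be told apart from other errors.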
From: Michael Date: Fri, 31 Mar 2017 06:22:43 +0000 Subject: [PATCH 3/4] Now it's openssl - and no copy&paste failure anymore --- include/diaspora.php | 38 ++------------------------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/include/diaspora.php b/include/diaspora.php index 29278349f1..6b5085e69c 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -172,23 +172,6 @@ class Diaspora { */ private static function aes_encrypt($key, $iv, $data) { return openssl_encrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0")); - - $aes = new Crypt_AES(); - - $block_length = 128; - - $aes->setKey($key); - $aes->setIV($iv); - $aes->disablePadding(); - $aes->setBlockLength($block_length); - - $extra = strlen($data) % $block_length; - - if ($extra) { - $data .= str_repeat("\0", $block_length - $extra); - } - - return $aes->encrypt($data); } /** @@ -202,17 +185,6 @@ class Diaspora { */ private static function aes_decrypt($key, $iv, $encrypted) { return openssl_decrypt($encrypted,'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA,str_pad($iv, 16, "\0")); - - $aes = new Crypt_AES(); - - $block_length = 128; - - $aes->setKey($key); - $aes->setIV($iv); - $aes->disablePadding(); - $aes->setBlockLength($block_length); - - return $aes->decrypt($encrypted); } /** @@ -256,9 +228,6 @@ class Diaspora { $decrypted = self::aes_decrypt($outer_key, $outer_iv, $ciphertext); - - $decrypted = pkcs5_unpad($decrypted); - logger('decrypted: '.$decrypted, LOGGER_DEBUG); $idom = parse_xml_string($decrypted,false); @@ -317,7 +286,6 @@ class Diaspora { $inner_encrypted = base64_decode($data); $inner_decrypted = self::aes_decrypt($inner_aes_key, $inner_iv, $inner_encrypted); - $inner_decrypted = pkcs5_unpad($inner_decrypted); } if (!$author_link) { 
@@ -2685,8 +2653,7 @@ class Diaspora { $handle = self::my_handle($user); - $padded_data = pkcs5_pad($msg,16); - $inner_encrypted = self::aes_decrypt($inner_aes_key, $inner_iv, $padded_data); + $inner_encrypted = self::aes_encrypt($inner_aes_key, $inner_iv, $msg); $b64_data = base64_encode($inner_encrypted); @@ -2708,9 +2675,8 @@ class Diaspora { "author_id" => $handle)); $decrypted_header = xml::from_array($xmldata, $xml, true); - $decrypted_header = pkcs5_pad($decrypted_header,16); - $ciphertext = self::aes_decrypt($outer_aes_key, $outer_iv, $decrypted_header); + $ciphertext = self::aes_encrypt($outer_aes_key, $outer_iv, $decrypted_header); $outer_json = json_encode(array("iv" => $b_outer_iv, "key" => $b_outer_aes_key)); From 3796a141c6ae58f37e3d26db46a8bb359b640f00 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 31 Mar 2017 06:25:48 +0000 Subject: [PATCH 4/4] We don't need this include anymore --- include/diaspora.php | 1 - 1 file changed, 1 deletion(-) diff --git a/include/diaspora.php b/include/diaspora.php index 6b5085e69c..89915c3d14 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -21,7 +21,6 @@ require_once 'include/xml.php'; require_once 'include/datetime.php'; require_once 'include/queue_fn.php'; require_once 'include/cache.php'; -require_once 'library/phpsec/Crypt/AES.php'; /** * @brief This class contain functions to create and send Diaspora XML files