From aca4e19980677e28172552160481ef0c6be0b607 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.de>
Date: Thu, 24 Aug 2023 23:05:12 +0200
Subject: [PATCH] Drop v2 onion support

---
 var/www/common.php        | 58 ++-------------------------------------
 var/www/html/home.php     |  5 +---
 var/www/html/register.php |  3 +-
 var/www/setup.php         |  3 ++
 4 files changed, 8 insertions(+), 61 deletions(-)

diff --git a/var/www/common.php b/var/www/common.php
index 9b96453..f9254ba 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -5,7 +5,7 @@ const DBUSER='hosting'; // Database user
 const DBPASS='MY_PASSWORD'; // Database password
 const DBNAME='hosting'; // Database
 const PERSISTENT=true; // Use persistent database conection true/false
-const DBVERSION=20; //database layout version
+const DBVERSION=21; //database layout version
 const CAPTCHA=1; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme)
 const ADDRESS='dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'; // our own address
 const CANONICAL_URL='https://hosting.danwin1210.me'; // our preferred domain for search engines
@@ -139,14 +139,6 @@ bindtextdomain('hosting', __DIR__.'/locale');
 bind_textdomain_codeset('hosting', 'UTF-8');
 textdomain('hosting');
 
-function get_onion_v2($pkey) : string {
-	$keyData = openssl_pkey_get_details($pkey);
-	$pk = base64_decode(substr($keyData['key'], 27, -26));
-	$skipped_first_22 = substr($pk, 22);
-	$first_80_bits_of_sha1 = hex2bin(substr(sha1($skipped_first_22), 0, 20));
-	return base32_encode($first_80_bits_of_sha1);
-}
-
 function get_onion_v3(string $sk) : string {
 	if(PHP_INT_SIZE === 4){
 		$pk = ParagonIE_Sodium_Core32_Ed25519::sk_to_pk($sk);
@@ -420,47 +412,7 @@ function private_key_to_onion(string $priv_key) : array {
 	$onion = '';
 	$priv_key = trim($priv_key);
 	$version = 0;
-	if(($pkey = openssl_pkey_get_private($priv_key)) !== false){
-		$version = 2;
-		$details = openssl_pkey_get_details($pkey);
-		if($details['type'] === OPENSSL_KEYTYPE_RSA){
-			$p = gmp_init(bin2hex($details['rsa']['p']), 16);
-			$q = gmp_init(bin2hex($details['rsa']['q']), 16);
-			$n = gmp_init(bin2hex($details['rsa']['n']), 16);
-			$d = gmp_init(bin2hex($details['rsa']['d']), 16);
-			$dmp1 = gmp_init(bin2hex($details['rsa']['dmp1']), 16);
-			$dmq1 = gmp_init(bin2hex($details['rsa']['dmq1']), 16);
-			$iqmp = gmp_init(bin2hex($details['rsa']['iqmp']), 16);
-		}
-		if($details['type'] !== OPENSSL_KEYTYPE_RSA){
-			$message = 'Error: private key is not an RSA key.';
-			$ok = false;
-		}elseif($details['bits'] !== 1024){
-			$message = 'Error: private key not of bitsize 1024.';
-			$ok = false;
-		}elseif(gmp_prob_prime($p) === 0){
-			$message = 'Error: p is not a prime';
-			$ok = false;
-		}elseif(gmp_prob_prime($q) === 0){
-			$message = 'Error: q is not a prime';
-			$ok = false;
-		}elseif(gmp_cmp($n, gmp_mul($p, $q) ) !== 0){
-			$message = 'Error: n does not equal p q';
-			$ok = false;
-		}elseif(gmp_cmp($dmp1, gmp_mod($d, gmp_sub($p, 1) ) ) !==0 ){
-			$message = 'Error: dmp1 invalid';
-			$ok = false;
-		}elseif(gmp_cmp($dmq1, gmp_mod($d, gmp_sub($q, 1) ) ) !== 0){
-			$message = 'Error: dmq1 invalid';
-			$ok = false;
-		}elseif(gmp_cmp($iqmp, gmp_invert($q, $p) ) !==0 ){
-			$message = 'Error: iqmp not inverse of q';
-			$ok = false;
-		}else{
-			$onion = get_onion_v2($pkey);
-		}
-		return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
-	} elseif(($priv = base64_decode($priv_key, true)) !== false){
+	if(($priv = base64_decode($priv_key, true)) !== false){
 		$version = 3;
 		if( ! str_starts_with( $priv, '== ed25519v1-secret: type0 ==' . hex2bin( '000000' ) ) || strlen($priv) !== 96){
 			$message = 'Error: v3 secret key invalid.';
@@ -478,11 +430,7 @@ function private_key_to_onion(string $priv_key) : array {
 function generate_new_onion(int $version = 3) : array {
 	$priv_key = '';
 	$onion = '';
-	if($version === 2){
-		$pkey = openssl_pkey_new(['private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
-		openssl_pkey_export($pkey, $priv_key);
-		$onion = get_onion_v2($pkey);
-	} else {
+	if($version === 3){
 		$seed = random_bytes(32);
 		$sk = ed25519_seckey_expand($seed);
 		$priv_key = base64_encode('== ed25519v1-secret: type0 ==' . hex2bin('000000') . $sk);
diff --git a/var/www/html/home.php b/var/www/html/home.php
index 835538e..1a3fc23 100644
--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -68,7 +68,7 @@ if(isset($_POST['action']) && $_POST['action']==='add_onion'){
 		}
 	}else{
 		$onion_version = 3;
-		if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [2, 3])){
+		if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [3])){
 			$onion_version = $_REQUEST['onion_type'];
 		}
 		$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
@@ -210,9 +210,6 @@ if($count_onions<MAX_NUM_USER_ONIONS){
 	echo '<label><input type="radio" name="onion_type" value="3"';
 	echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : '';
 	echo '>'._('Random v3 Address').'</label>';
-	echo '<label><input type="radio" name="onion_type" value="2"';
-	echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : '';
-	echo '>'._('Random v2 Address').'</label>';
 	echo '<label><input id="custom_onion" type="radio" name="onion_type" value="custom"';
 	echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : '';
 	echo '>'._('Custom private key');
diff --git a/var/www/html/register.php b/var/www/html/register.php
index 13ae960..2c7fc32 100644
--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -74,7 +74,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 				}
 			}
 		}else{
-			if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [2, 3])){
+			if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [3])){
 				$onion_version = $_REQUEST['onion_type'];
 			}
 			$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
@@ -148,7 +148,6 @@ foreach(PHP_VERSIONS as $key => $version){
 <tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"<?php echo $autoindex; ?>><?php echo _('Enable autoindex (listing of files)'); ?></label></td></tr>
 <tr><td colspan=2><?php echo _('Type of hidden service:'); ?><br>
 <label><input type="radio" name="onion_type" value="3"<?php echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : ''; ?>><?php echo _('Random v3 Address'); ?></label>
-<label><input type="radio" name="onion_type" value="2"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : ''; ?>><?php echo _('Random v2 Address'); ?></label>
 <label><input id="custom_onion" type="radio" name="onion_type" value="custom"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : ''; ?>><?php echo _('Custom private key'); ?>
 <textarea id="private_key" name="private_key" rows="5" cols="28">
 <?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
diff --git a/var/www/setup.php b/var/www/setup.php
index 59f5dad..78fbb84 100644
--- a/var/www/setup.php
+++ b/var/www/setup.php
@@ -156,6 +156,9 @@ if(!$version){
 	if($version<20){
 		$db->exec("ALTER TABLE onions CHANGE max_streams max_streams tinyint(3) unsigned NOT NULL DEFAULT '6';");
 	}
+	if($version<21){
+		$db->exec('UPDATE onions SET enabled=-1 WHERE version = 2;');
+	}
 	$stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';");
 	$stmt->execute([DBVERSION]);
 }