danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New generation AES256-GCM encryption by libsodium. PHP >= 7.3 needed.

Browse Source
This commit is contained in:
cypherbits
2020-05-02 12:16:36 +02:00
parent d58fdeee8b
commit 0963acafcf
1 changed files with 30 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
chat.php
View File

@ -768,7 +768,8 @@ function restore_backup($C){
$note['type']=1; $note['type']=1;
} }
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$note['text']=openssl_encrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$note['text']=openssl_encrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$note['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($note['text'], '', AES_IV, ENCRYPTKEY));
} }
$stmt->execute([$note['type'], $note['lastedited'], $note['editedby'], $note['text']]); $stmt->execute([$note['type'], $note['lastedited'], $note['editedby'], $note['text']]);
} }
@ -804,7 +805,8 @@ function send_backup($C){
$result=$db->query('SELECT * FROM ' . PREFIX . "notes;"); $result=$db->query('SELECT * FROM ' . PREFIX . "notes;");
while($note=$result->fetch(PDO::FETCH_ASSOC)){ while($note=$result->fetch(PDO::FETCH_ASSOC)){
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$note['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($note['text']), null, AES_IV, ENCRYPTKEY);
} }
$code['notes'][]=$note; $code['notes'][]=$note;
} }
@ -1539,7 +1541,8 @@ function send_notes($type){
} }
if(isset($_REQUEST['text'])){ if(isset($_REQUEST['text'])){
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$_REQUEST['text']=openssl_encrypt($_REQUEST['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$_REQUEST['text']=openssl_encrypt($_REQUEST['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$_REQUEST['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($_REQUEST['text'], '', AES_IV, ENCRYPTKEY));
} }
$time=time(); $time=time();
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'notes (type, lastedited, editedby, text) VALUES (?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'notes (type, lastedited, editedby, text) VALUES (?, ?, ?, ?);');
@ -1573,7 +1576,8 @@ function send_notes($type){
$note['text']=''; $note['text']='';
} }
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$note['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($note['text']), null, AES_IV, ENCRYPTKEY);
} }
echo "</p>".form('notes'); echo "</p>".form('notes');
echo "$hiddendo<textarea name=\"text\">".htmlspecialchars($note['text']).'</textarea><br>'; echo "$hiddendo<textarea name=\"text\">".htmlspecialchars($note['text']).'</textarea><br>';
@ -2932,7 +2936,8 @@ function validate_input(){
'text' =>"<span class=\"usermsg\">$displaysend".style_this($message, $U['style']).'</span>' 'text' =>"<span class=\"usermsg\">$displaysend".style_this($message, $U['style']).'</span>'
]; ];
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$newmessage['text']=openssl_encrypt($newmessage['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$newmessage['text']=openssl_encrypt($newmessage['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$newmessage['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($newmessage['text'], '', AES_IV, ENCRYPTKEY));
} }
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'inbox (postdate, postid, poster, recipient, text) VALUES(?, ?, ?, ?, ?)'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'inbox (postdate, postid, poster, recipient, text) VALUES(?, ?, ?, ?, ?)');
$stmt->execute([$newmessage['postdate'], $id[0], $newmessage['poster'], $newmessage['recipient'], $newmessage['text']]); $stmt->execute([$newmessage['postdate'], $id[0], $newmessage['poster'], $newmessage['recipient'], $newmessage['text']]);
@ -3120,7 +3125,8 @@ function add_system_message($mes){
function write_message($message){ function write_message($message){
global $db; global $db;
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY));
} }
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'messages (postdate, poststatus, poster, recipient, text, delstatus) VALUES (?, ?, ?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'messages (postdate, poststatus, poster, recipient, text, delstatus) VALUES (?, ?, ?, ?, ?, ?);');
$stmt->execute([$message['postdate'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']]); $stmt->execute([$message['postdate'], $message['poststatus'], $message['poster'], $message['recipient'], $message['text'], $message['delstatus']]);
@ -3241,7 +3247,8 @@ function print_messages($delstatus=0){
function prepare_message_print(&$message, $removeEmbed){ function prepare_message_print(&$message, $removeEmbed){
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY);
} }
if($removeEmbed){ if($removeEmbed){
$message['text']=preg_replace_callback('/<img src="([^"]+)"><\/a>/u', $message['text']=preg_replace_callback('/<img src="([^"]+)"><\/a>/u',
@ -4006,9 +4013,11 @@ function update_db(){
$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET text=? WHERE id=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET text=? WHERE id=?;');
while($message=$result->fetch(PDO::FETCH_ASSOC)){ while($message=$result->fetch(PDO::FETCH_ASSOC)){
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY));
}else{ }else{
$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY);
} }
$stmt->execute([$message['text'], $message['id']]); $stmt->execute([$message['text'], $message['id']]);
} }
@ -4016,9 +4025,11 @@ function update_db(){
$stmt=$db->prepare('UPDATE ' . PREFIX . 'notes SET text=? WHERE id=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'notes SET text=? WHERE id=?;');
while($message=$result->fetch(PDO::FETCH_ASSOC)){ while($message=$result->fetch(PDO::FETCH_ASSOC)){
if(MSGENCRYPTED){ if(MSGENCRYPTED){
$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY));
}else{ }else{
$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
$message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY);
} }
$stmt->execute([$message['text'], $message['id']]); $stmt->execute([$message['text'], $message['id']]);
} }
@ -4177,10 +4188,11 @@ function load_lang(){
function load_config(){ function load_config(){
mb_internal_encoding('UTF-8'); mb_internal_encoding('UTF-8');
define('VERSION', '1.23.7'); // Script version define('VERSION', '1.24'); // Script version
define('DBVERSION', 42); // Database layout version define('DBVERSION', 42); // Database layout version
define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing! define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages define('ENCRYPTKEY', 'MY_SECRET_KEY'); // Encryption key for messages
define('AES_IV', '1234567890123456'); //AES Encryption IV
define('DBHOST', 'localhost'); // Database host define('DBHOST', 'localhost'); // Database host
define('DBUSER', 'www-data'); // Database user define('DBUSER', 'www-data'); // Database user
define('DBPASS', 'YOUR_DB_PASS'); // Database password define('DBPASS', 'YOUR_DB_PASS'); // Database password
@ -4198,4 +4210,9 @@ function load_config(){
} }
define('COOKIENAME', PREFIX . 'chat_session'); // Cookie name storing the session information define('COOKIENAME', PREFIX . 'chat_session'); // Cookie name storing the session information
define('LANG', 'en'); // Default language define('LANG', 'en'); // Default language
if (MSGENCRYPTED){
//Do not touch: Compute real keys needed by encryption functions
define('ENCRYPTKEY', substr(hash("sha512/256",ENCRYPTKEY),0, SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES));
define('AES_IV', substr(hash("sha512/256",AES_IV), 0, SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES));
}
} }