From c98908daa9cb992bf485a13ba837aea331419222 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Wed, 13 Aug 2008 01:13:55 +0000 Subject: Update: Seperated Encryption ID from Verifiction ID The Client was failing to properly decrypt encrypted data because of a key generation issue, the key is generated from a password and a Verification ID. However, because Verifcation IDs must be unique, the encryption key and the decryption key would differ. However, the Central Server needs to be modified so as to pass on the Encryption Key. Refs #10 --- update/library/trunk/instadisc.php | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) (limited to 'update/library/trunk') diff --git a/update/library/trunk/instadisc.php b/update/library/trunk/instadisc.php index 3f9f945..6cf5e09 100644 --- a/update/library/trunk/instadisc.php +++ b/update/library/trunk/instadisc.php @@ -14,14 +14,11 @@ $idusActivationKey = array(); $idusEncryptionKey = array(); $instaDisc_subCount = 0; -function instaDisc_sendItem($id, $title, $author, $url, $semantics, $verID = 0) +function instaDisc_sendItem($id, $title, $author, $url, $semantics) { global $idusUsername, $idusPassword, $idusCentralServer, $idusSubscriptionURI; - - if ($verID == 0) - { - $verID = rand(1,65536); - } + + $verID = rand(1,65536); $client = new xmlrpc_client($idusCentralServer[$id]); $msg = new xmlrpcmsg("InstaDisc.sendFromUpdate", array( new xmlrpcval($idusUsername[$id], 'string'), @@ -31,7 +28,8 @@ function instaDisc_sendItem($id, $title, $author, $url, $semantics, $verID = 0) new xmlrpcval($title, 'string'), new xmlrpcval($author, 'string'), new xmlrpcval($url, 'string'), - new xmlrpcval(serialize($semantics), 'string'))); + new xmlrpcval(serialize($semantics), 'string'), + new xmlrpcval('0', 'int'))); $client->send($msg); } @@ -39,15 +37,15 @@ function instaDisc_sendEncrypted($id, $title, $author, $url, $semantics) { global $idusEncryptionKey; - $verID = 0; - while ($verID == 0) + $encID = 0; + while ($encID == 0) { - $verID = rand(1,65536); + $encID = rand(1,65536); } $cipher = "rijndael-128"; $mode = "cbc"; - $key = substr(md5(substr(str_pad($idusEncryptionKey[$id],16,$verID),0,16)),0,16); + $key = substr(md5(substr(str_pad($idusEncryptionKey[$id],16,$encID),0,16)),0,16); $td = mcrypt_module_open($cipher, "", $mode, ""); mcrypt_generic_init($td, $key, strrev($key)); @@ -63,7 +61,19 @@ function instaDisc_sendEncrypted($id, $title, $author, $url, $semantics) mcrypt_generic_deinit($td); mcrypt_module_close($td); - instaDisc_sendItem($id, $title, $author, $url, $semantics, $verID); + $verID = rand(1,65536); + + $client = new xmlrpc_client($idusCentralServer[$id]); + $msg = new xmlrpcmsg("InstaDisc.sendFromUpdate", array( new xmlrpcval($idusUsername[$id], 'string'), + new xmlrpcval(md5($idusUsername[$id] . ":" . md5($idusPassword[$id]) . ":" . $verID), 'string'), + new xmlrpcval($verID, 'int'), + new xmlrpcval($idusSubscriptionURI[$id], 'string'), + new xmlrpcval($title, 'string'), + new xmlrpcval($author, 'string'), + new xmlrpcval($url, 'string'), + new xmlrpcval(serialize($semantics), 'string'), + new xmlrpcval($encID, 'int'))); + $client->send($msg); } function instaDisc_addSubscription($username, $password, $central, $uri, $title, $category, $key = '', $enc = '') -- cgit 1.4.1