75 |
75 |
76 $password = false; |
76 $password = false; |
77 if ( $_POST['changing_pw'] == 'yes' ) |
77 if ( $_POST['changing_pw'] == 'yes' ) |
78 { |
78 { |
79 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
79 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
80 $key_hex_md5 = $_POST['crypt_key']; |
80 if ( $_POST['dh_supported'] === 'true' ) |
81 $key_hex = $session->fetch_public_key($key_hex_md5); |
|
82 if ( $key_hex ) |
|
83 { |
81 { |
84 $key_bin = hexdecode($key_hex); |
82 $my_public = $_POST['dh_public']; |
85 $data_hex = $_POST['crypt_data']; |
83 $remote_public = $_POST['dh_mypublic']; |
86 $password = $aes->decrypt($data_hex, $key_bin, ENC_HEX); |
84 |
|
85 // Check the key |
|
86 if ( !preg_match('/^[0-9]+$/', $my_public) || !preg_match('/^[0-9]+$/', $remote_public) ) |
|
87 { |
|
88 $errors[] = $lang->get('user_err_dh_key_not_numeric'); |
|
89 } |
|
90 else |
|
91 { |
|
92 // We have our own public key - cross reference it with the private key in the database |
|
93 $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$my_public';"); |
|
94 if ( !$q ) |
|
95 $db->_die(); |
|
96 |
|
97 if ( $db->numrows() < 1 ) |
|
98 { |
|
99 $errors[] = $lang->get('user_err_dh_key_not_found'); |
|
100 } |
|
101 else |
|
102 { |
|
103 list($my_private, $key_id) = $db->fetchrow_num($q); |
|
104 $db->free_result(); |
|
105 // now that we have this key it can be disposed of |
|
106 $q = $db->sql_query("DELETE FROM " . table_prefix . "diffiehellman WHERE key_id = $key_id;"); |
|
107 if ( !$q ) |
|
108 $db->_die(); |
|
109 // get the shared secret |
|
110 $dh_secret = dh_gen_shared_secret($my_private, $remote_public); |
|
111 global $_math; |
|
112 $dh_secret = $_math->str($dh_secret); |
|
113 |
|
114 // make sure we calculated everything right |
|
115 $secret_check = sha1($dh_secret); |
|
116 if ( $secret_check !== $_POST['crypt_key'] ) |
|
117 { |
|
118 // uh-oh. |
|
119 $errors[] = $lang->get('user_err_dh_key_not_found'); |
|
120 } |
|
121 else |
|
122 { |
|
123 $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 )); |
|
124 $aes_key = hexdecode($aes_key); |
|
125 $password = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX); |
|
126 } |
|
127 } |
|
128 } |
|
129 } |
|
130 else if ( $_POST['dh_supported'] === 'false' ) |
|
131 { |
|
132 $key_hex_md5 = $_POST['crypt_key']; |
|
133 $key_hex = $session->fetch_public_key($key_hex_md5); |
|
134 if ( $key_hex ) |
|
135 { |
|
136 $key_bin = hexdecode($key_hex); |
|
137 $data_hex = $_POST['crypt_data']; |
|
138 $password = $aes->decrypt($data_hex, $key_bin, ENC_HEX); |
|
139 } |
87 } |
140 } |
88 else |
141 else |
89 { |
142 { |
90 $errors[] = $lang->get('acpum_err_no_aes_key'); |
143 $errors[] = $lang->get('acpum_err_no_aes_key'); |
91 } |
144 } |
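Review bot: The digit check on new line 86, `/^[0-9]+$/`, is the only barrier between `$_POST['dh_public']` and the SQL string built on new line 93, and without the `D` modifier `$` also matches before a final newline, so a value such as `"123\n"` passes. That is not injectable on its own, but the check should accept exactly what the query and `dh_gen_shared_secret()` expect: `preg_match('/^[0-9]+\z/', $my_public)` (same for `$remote_public`), ideally with a length cap so an arbitrarily long number never reaches the big-number code. I would also not rely on the regex alone for the query; pass `$my_public` through the database layer's escaping or a bound parameter if it offers one. Separately, new line 116 compares a secret-derived hash with `!==`; where the PHP version allows it, `hash_equals($secret_check, $_POST['crypt_key'])` is the constant-time form. The enclosing function starts and ends outside this section, so whether these `$_POST` keys are checked for presence earlier cannot be seen from here.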