1 files changed, 27 insertions, 17 deletions

diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php
index 5705ecc11..f8c56a05f 100644
--- a/plugins/OStatus/classes/Magicsig.php
+++ b/plugins/OStatus/classes/Magicsig.php
@@ -52,7 +52,15 @@ class Magicsig extends Memcached_DataObject
     {
         $obj =  parent::staticGet(__CLASS__, $k, $v);
         if (!empty($obj)) {
-            return Magicsig::fromString($obj->keypair);
+            $obj = Magicsig::fromString($obj->keypair);
+
+            // Double check keys: Crypt_RSA did not
+            // consistently generate good keypairs.
+            // We've also moved to 1024 bit keys.
+            if (strlen($obj->publicKey->modulus->toBits()) != 1024) {
+                $obj->delete();
+                return false;
+            }
         }
 
         return $obj;
@@ -121,11 +129,11 @@ class Magicsig extends Memcached_DataObject
 
     public function toString($full_pair = true)
     {
-        $mod = base64_url_encode($this->publicKey->modulus->toBytes());
-        $exp = base64_url_encode($this->publicKey->exponent->toBytes());
+        $mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
+        $exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
         $private_exp = '';
         if ($full_pair && $this->privateKey->exponent->toBytes()) {
-            $private_exp = '.' . base64_url_encode($this->privateKey->exponent->toBytes());
+            $private_exp = '.' . Magicsig::base64_url_encode($this->privateKey->exponent->toBytes());
         }
 
         return 'RSA.' . $mod . '.' . $exp . $private_exp; 
@@ -166,9 +174,9 @@ class Magicsig extends Memcached_DataObject
         $rsa = new Crypt_RSA();
         $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
         $rsa->setHash('sha256');
-        $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256);
+        $rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256);
         $rsa->k = strlen($rsa->modulus->toBytes());
-        $rsa->exponent = new Math_BigInteger(base64_url_decode($exp), 256);
+        $rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256);
 
         if ($type == 'private') {
             $this->privateKey = $rsa;
@@ -195,23 +203,25 @@ class Magicsig extends Memcached_DataObject
     public function sign($bytes)
     {
         $sig = $this->privateKey->sign($bytes);
-        return base64_url_encode($sig);
+        return Magicsig::base64_url_encode($sig);
     }
 
     public function verify($signed_bytes, $signature)
     {
-        $signature = base64_url_decode($signature);
+        $signature = Magicsig::base64_url_decode($signature);
         return $this->publicKey->verify($signed_bytes, $signature);
     }
-        
-}
 
-function base64_url_encode($input)
-{
-    return strtr(base64_encode($input), '+/', '-_');
-}
 
-function base64_url_decode($input)
-{
-    return base64_decode(strtr($input, '-_', '+/'));
+    public static function base64_url_encode($input)
+    {
+        return strtr(base64_encode($input), '+/', '-_');
+    }
+
+    public static function base64_url_decode($input)
+    {
+        return base64_decode(strtr($input, '-_', '+/'));
+    }
 }
+
+