PageRenderTime 39ms CodeModel.GetById 10ms RepoModel.GetById 0ms app.codeStats 0ms

/hphp/zend/php-crypt_r.cpp

https://gitlab.com/iranjith4/hhvm
C++ | 381 lines | 234 code | 76 blank | 71 comment | 70 complexity | 5f1bc9f3d66532cb066656669e4871d7 MD5 | raw file
    

  1. /* $Id$ */
    2. 

  2. /*
    3. 

  3.    +----------------------------------------------------------------------+
    4. 

  4.    | PHP Version 7                                                        |
    5. 

  5.    +----------------------------------------------------------------------+
    6. 

  6.    | Copyright (c) 1997-2015 The PHP Group                                |
    7. 

  7.    +----------------------------------------------------------------------+
    8. 

  8.    | This source file is subject to version 3.01 of the PHP license,      |
    9. 

  9.    | that is bundled with this package in the file LICENSE, and is        |
    10. 

  10.    | available through the world-wide-web at the following url:           |
    11. 

  11.    | http://www.php.net/license/3_01.txt                                  |
    12. 

  12.    | If you did not receive a copy of the PHP license and are unable to   |
    13. 

  13.    | obtain it through the world-wide-web, please send a note to          |
    14. 

  14.    | license@php.net so we can mail you a copy immediately.               |
    15. 

  15.    +----------------------------------------------------------------------+
    16. 

  16.    | Authors: Pierre Alain Joye  <pajoye@php.net                          |
    17. 

  17.    +----------------------------------------------------------------------+
    18. 

  18.  */
    19. 

  19. 

  20. /*
    21. 

  21.  * License for the Unix md5crypt implementation (md5_crypt):
    22. 

  22.  *
    23. 

  23.  * ----------------------------------------------------------------------------
    24. 

  24.  * "THE BEER-WARE LICENSE" (Revision 42):
    25. 

  25.  * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
    26. 

  26.  * can do whatever you want with this stuff. If we meet some day, and you think
    27. 

  27.  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
    28. 

  28.  * ----------------------------------------------------------------------------
    29. 

  29.  *
    30. 

  30.  * from FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp
    31. 

  31.  * via OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp
    32. 

  32.  * via NetBSD: md5crypt.c,v 1.4.2.1 2002/01/22 19:31:59 he Exp
    33. 

  33.  *
    34. 

  34.  */
    35. 

  35. 

  36. #ifdef _MSC_VER
    37. 

  37. #include <Windows.h>
    38. 

  38. #include <wincrypt.h>
    39. 

  39. #endif
    40. 

  40. 

  41. #include <string.h>
    42. 

  42. #include <signal.h>
    43. 

  43. 

  44. #include "php-crypt_r.h"
    45. 

  45. #include "crypt-freesec.h"
    46. 

  46. #include "zend-md5.h"
    47. 

  47. 

  48. #include "hphp/util/lock.h"
    49. 

  49. #include "hphp/util/mutex.h"
    50. 

  50. 

  51. namespace HPHP {
    52. 

  52. 

  53. void _crypt_extended_init_r() {
    54. 

  54.   static Mutex m;
    55. 

  55.   static volatile bool initialized = 0;
    56. 

  56. 

  57.   Lock l(m);
    58. 

  58. 

  59.   if (!initialized) {
    60. 

  60.     initialized = 1;
    61. 

  61.     _crypt_extended_init();
    62. 

  62.   }
    63. 

  63. }
    64. 

  64. 

  65. /* MD% crypt implementation using the windows CryptoApi */
    66. 

  66. #define MD5_MAGIC "$1$"
    67. 

  67. #define MD5_MAGIC_LEN 3
    68. 

  68. 

  69. static unsigned char itoa64[] =    /* 0 ... 63 => ascii - 64 */
    70. 

  70.   "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    71. 

  71. 

  72. static void
    73. 

  73. to64(char *s, int v, int n) {
    74. 

  74.   while (--n >= 0) {
    75. 

  75.     *s++ = itoa64[v & 0x3f];
    76. 

  76.     v >>= 6;
    77. 

  77.   }
    78. 

  78. }
    79. 

  79. 

  80. #ifdef _MSC_VER
    81. 

  81. char* php_md5_crypt_r(const char *pw, const char *salt, char *out) {
    82. 

  82.   HCRYPTPROV hCryptProv;
    83. 

  83.   HCRYPTHASH ctx, ctx1;
    84. 

  84.   unsigned int i, pwl, sl;
    85. 

  85.   const BYTE magic_md5[4] = "$1$";
    86. 

  86.   const DWORD magic_md5_len = 3;
    87. 

  87.   DWORD        dwHashLen;
    88. 

  88.   int pl;
    89. 

  89.   __int32 l;
    90. 

  90.   const char *sp = salt;
    91. 

  91.   const char *ep = salt;
    92. 

  92.   char *p = NULL;
    93. 

  93.   char *passwd = out;
    94. 

  94.   unsigned char final[16];
    95. 

  95. 

  96.   /* Acquire a cryptographic provider context handle. */
    97. 

  97.   if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
    98. 

  98.     return NULL;
    99. 

  99.   }
    100. 

  100. 

  101.   pwl = (unsigned int) strlen(pw);
    102. 

  102. 

  103.   /* Refine the salt first */
    104. 

  104.   sp = salt;
    105. 

  105. 

  106.   /* If it starts with the magic string, then skip that */
    107. 

  107.   if (strncmp(sp, MD5_MAGIC, MD5_MAGIC_LEN) == 0) {
    108. 

  108.     sp += MD5_MAGIC_LEN;
    109. 

  109.   }
    110. 

  110. 

  111.   /* It stops at the first '$', max 8 chars */
    112. 

  112.   for (ep = sp; *ep != '\0' && *ep != '$' && ep < (sp + 8); ep++) {
    113. 

  113.     continue;
    114. 

  114.   }
    115. 

  115. 

  116.   /* get the length of the true salt */
    117. 

  117.   sl = (unsigned int)(ep - sp);
    118. 

  118. 

  119.   /* Create an empty hash object. */
    120. 

  120.   if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx)) {
    121. 

  121.     goto _destroyProv;
    122. 

  122.   }
    123. 

  123. 

  124.   /* The password first, since that is what is most unknown */
    125. 

  125.   if(!CryptHashData(ctx, (BYTE *)pw, pwl, 0)) {
    126. 

  126.     goto _destroyCtx0;
    127. 

  127.   }
    128. 

  128. 

  129.   /* Then our magic string */
    130. 

  130.   if(!CryptHashData(ctx, magic_md5, magic_md5_len, 0)) {
    131. 

  131.     goto _destroyCtx0;
    132. 

  132.   }
    133. 

  133. 

  134.   /* Then the raw salt */
    135. 

  135.   if(!CryptHashData( ctx, (BYTE *)sp, sl, 0)) {
    136. 

  136.     goto _destroyCtx0;
    137. 

  137.   }
    138. 

  138. 

  139.   /* MD5(pw,salt,pw), valid. */
    140. 

  140.   /* Then just as many characters of the MD5(pw,salt,pw) */
    141. 

  141.   if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx1)) {
    142. 

  142.     goto _destroyCtx0;
    143. 

  143.   }
    144. 

  144.   if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
    145. 

  145.     goto _destroyCtx1;
    146. 

  146.   }
    147. 

  147.   if(!CryptHashData(ctx1, (BYTE *)sp, sl, 0)) {
    148. 

  148.     goto _destroyCtx1;
    149. 

  149.   }
    150. 

  150.   if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
    151. 

  151.     goto _destroyCtx1;
    152. 

  152.   }
    153. 

  153. 

  154.   dwHashLen = 16;
    155. 

  155.   CryptGetHashParam(ctx1, HP_HASHVAL, final, &dwHashLen, 0);
    156. 

  156.   /*  MD5(pw,salt,pw). Valid. */
    157. 

  157. 

  158.   for (pl = pwl; pl > 0; pl -= 16) {
    159. 

  159.     CryptHashData(ctx, final, (DWORD)(pl > 16 ? 16 : pl), 0);
    160. 

  160.   }
    161. 

  161. 

  162.   /* Don't leave anything around in vm they could use. */
    163. 

  163.   RtlSecureZeroMemory(final, sizeof(final));
    164. 

  164. 

  165.   /* Then something really weird... */
    166. 

  166.   for (i = pwl; i != 0; i >>= 1) {
    167. 

  167.     if ((i & 1) != 0) {
    168. 

  168.       CryptHashData(ctx, (const BYTE *)final, 1, 0);
    169. 

  169.     } else {
    170. 

  170.       CryptHashData(ctx, (const BYTE *)pw, 1, 0);
    171. 

  171.     }
    172. 

  172.   }
    173. 

  173. 

  174.   memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
    175. 

  175. 

  176.   if (strncpy_s(passwd + MD5_MAGIC_LEN, MD5_HASH_MAX_LEN - MD5_MAGIC_LEN, sp, sl + 1) != 0) {
    177. 

  177.     goto _destroyCtx1;
    178. 

  178.   }
    179. 

  179.   passwd[MD5_MAGIC_LEN + sl] = '\0';
    180. 

  180.   strcat_s(passwd, MD5_HASH_MAX_LEN, "$");
    181. 

  181. 

  182.   dwHashLen = 16;
    183. 

  183. 

  184.   /* Fetch the ctx hash value */
    185. 

  185.   CryptGetHashParam(ctx, HP_HASHVAL, final, &dwHashLen, 0);
    186. 

  186. 

  187.   for (i = 0; i < 1000; i++) {
    188. 

  188.     if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx1)) {
    189. 

  189.       goto _destroyCtx1;
    190. 

  190.     }
    191. 

  191. 

  192.     if ((i & 1) != 0) {
    193. 

  193.       if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
    194. 

  194.         goto _destroyCtx1;
    195. 

  195.       }
    196. 

  196.     } else {
    197. 

  197.       if(!CryptHashData(ctx1, (BYTE *)final, 16, 0)) {
    198. 

  198.         goto _destroyCtx1;
    199. 

  199.       }
    200. 

  200.     }
    201. 

  201. 

  202.     if ((i % 3) != 0) {
    203. 

  203.       if(!CryptHashData(ctx1, (BYTE *)sp, sl, 0)) {
    204. 

  204.         goto _destroyCtx1;
    205. 

  205.       }
    206. 

  206.     }
    207. 

  207. 

  208.     if ((i % 7) != 0) {
    209. 

  209.       if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
    210. 

  210.         goto _destroyCtx1;
    211. 

  211.       }
    212. 

  212.     }
    213. 

  213. 

  214.     if ((i & 1) != 0) {
    215. 

  215.       if(!CryptHashData(ctx1, (BYTE *)final, 16, 0)) {
    216. 

  216.         goto _destroyCtx1;
    217. 

  217.       }
    218. 

  218.     } else {
    219. 

  219.       if(!CryptHashData(ctx1, (BYTE *)pw, pwl, 0)) {
    220. 

  220.         goto _destroyCtx1;
    221. 

  221.       }
    222. 

  222.     }
    223. 

  223. 

  224.     /* Fetch the ctx hash value */
    225. 

  225.     dwHashLen = 16;
    226. 

  226.     CryptGetHashParam(ctx1, HP_HASHVAL, final, &dwHashLen, 0);
    227. 

  227.     if(!(CryptDestroyHash(ctx1))) {
    228. 

  228.       goto _destroyCtx0;
    229. 

  229.     }
    230. 

  230.   }
    231. 

  231. 

  232.   ctx1 = (HCRYPTHASH) NULL;
    233. 

  233. 

  234.   p = passwd + sl + MD5_MAGIC_LEN + 1;
    235. 

  235. 

  236.   l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
    237. 

  237.   l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
    238. 

  238.   l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
    239. 

  239.   l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
    240. 

  240.   l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
    241. 

  241.   l = final[11]; to64(p,l,2); p += 2;
    242. 

  242. 

  243.   *p = '\0';
    244. 

  244. 

  245.   RtlSecureZeroMemory(final, sizeof(final));
    246. 

  246. 

  247. 

  248. _destroyCtx1:
    249. 

  249.   if (ctx1) {
    250. 

  250.     if (!CryptDestroyHash(ctx1)) {
    251. 

  251. 

  252.     }
    253. 

  253.   }
    254. 

  254. 

  255. _destroyCtx0:
    256. 

  256.   CryptDestroyHash(ctx);
    257. 

  257. 

  258. _destroyProv:
    259. 

  259.   /* Release the provider handle.*/
    260. 

  260.   if(hCryptProv) {
    261. 

  261.     if(!(CryptReleaseContext(hCryptProv, 0))) {
    262. 

  262.       return NULL;
    263. 

  263.     }
    264. 

  264.   }
    265. 

  265. 

  266.   return out;
    267. 

  267. }
    268. 

  268. 

  269. #else
    270. 

  270. 

  271. /*
    272. 

  272.  * MD5 password encryption.
    273. 

  273.  */
    274. 

  274. char* php_md5_crypt_r(const char *pw, const char *salt, char *out)
    275. 

  275. {
    276. 

  276.   static __thread char passwd[MD5_HASH_MAX_LEN], *p;
    277. 

  277.   const char *sp, *ep;
    278. 

  278.   unsigned char final[16];
    279. 

  279.   unsigned int i, sl, pwl;
    280. 

  280.   PHP_MD5_CTX ctx, ctx1;
    281. 

  281.   uint32_t l;
    282. 

  282.   int pl;
    283. 

  283. 

  284.   pwl = strlen(pw);
    285. 

  285. 

  286.   /* Refine the salt first */
    287. 

  287.   sp = salt;
    288. 

  288. 

  289.   /* If it starts with the magic string, then skip that */
    290. 

  290.   if (strncmp(sp, MD5_MAGIC, MD5_MAGIC_LEN) == 0)
    291. 

  291.     sp += MD5_MAGIC_LEN;
    292. 

  292. 

  293.   /* It stops at the first '$', max 8 chars */
    294. 

  294.   for (ep = sp; *ep != '\0' && *ep != '$' && ep < (sp + 8); ep++)
    295. 

  295.     continue;
    296. 

  296. 

  297.   /* get the length of the true salt */
    298. 

  298.   sl = ep - sp;
    299. 

  299. 

  300.   PHP_MD5Init(&ctx);
    301. 

  301. 

  302.   /* The password first, since that is what is most unknown */
    303. 

  303.   PHP_MD5Update(&ctx, (const unsigned char *)pw, pwl);
    304. 

  304. 

  305.   /* Then our magic string */
    306. 

  306.   PHP_MD5Update(&ctx, (const unsigned char *)MD5_MAGIC, MD5_MAGIC_LEN);
    307. 

  307. 

  308.   /* Then the raw salt */
    309. 

  309.   PHP_MD5Update(&ctx, (const unsigned char *)sp, sl);
    310. 

  310. 

  311.   /* Then just as many characters of the MD5(pw,salt,pw) */
    312. 

  312.   PHP_MD5Init(&ctx1);
    313. 

  313.   PHP_MD5Update(&ctx1, (const unsigned char *)pw, pwl);
    314. 

  314.   PHP_MD5Update(&ctx1, (const unsigned char *)sp, sl);
    315. 

  315.   PHP_MD5Update(&ctx1, (const unsigned char *)pw, pwl);
    316. 

  316.   PHP_MD5Final(final, &ctx1);
    317. 

  317. 

  318.   for (pl = pwl; pl > 0; pl -= 16)
    319. 

  319.     PHP_MD5Update(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl));
    320. 

  320. 

  321.   /* Don't leave anything around in vm they could use. */
    322. 

  322.   memset(final, 0, sizeof(final));
    323. 

  323. 

  324.   /* Then something really weird... */
    325. 

  325.   for (i = pwl; i != 0; i >>= 1)
    326. 

  326.     if ((i & 1) != 0)
    327. 

  327.         PHP_MD5Update(&ctx, final, 1);
    328. 

  328.     else
    329. 

  329.         PHP_MD5Update(&ctx, (const unsigned char *)pw, 1);
    330. 

  330. 

  331.   /* Now make the output string */
    332. 

  332.   memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
    333. 

  333.   strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1);
    334. 

  334.   strcat(passwd, "$");
    335. 

  335. 

  336.   PHP_MD5Final(final, &ctx);
    337. 

  337. 

  338.   /*
    339. 

  339.    * And now, just to make sure things don't run too fast. On a 60 MHz
    340. 

  340.    * Pentium this takes 34 msec, so you would need 30 seconds to build
    341. 

  341.    * a 1000 entry dictionary...
    342. 

  342.    */
    343. 

  343.   for (i = 0; i < 1000; i++) {
    344. 

  344.     PHP_MD5Init(&ctx1);
    345. 

  345. 

  346.     if ((i & 1) != 0)
    347. 

  347.       PHP_MD5Update(&ctx1, (const unsigned char *)pw, pwl);
    348. 

  348.     else
    349. 

  349.       PHP_MD5Update(&ctx1, final, 16);
    350. 

  350. 

  351.     if ((i % 3) != 0)
    352. 

  352.       PHP_MD5Update(&ctx1, (const unsigned char *)sp, sl);
    353. 

  353. 

  354.     if ((i % 7) != 0)
    355. 

  355.       PHP_MD5Update(&ctx1, (const unsigned char *)pw, pwl);
    356. 

  356. 

  357.     if ((i & 1) != 0)
    358. 

  358.       PHP_MD5Update(&ctx1, final, 16);
    359. 

  359.     else
    360. 

  360.       PHP_MD5Update(&ctx1, (const unsigned char *)pw, pwl);
    361. 

  361. 

  362.     PHP_MD5Final(final, &ctx1);
    363. 

  363.   }
    364. 

  364. 

  365.   p = passwd + sl + MD5_MAGIC_LEN + 1;
    366. 

  366. 

  367.   l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
    368. 

  368.   l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
    369. 

  369.   l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
    370. 

  370.   l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
    371. 

  371.   l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
    372. 

  372.   l =          final[11]    ; to64(p,l,2); p += 2;
    373. 

  373.   *p = '\0';
    374. 

  374. 

  375.   /* Don't leave anything around in vm they could use. */
    376. 

  376.   SECURE_ZERO(final, sizeof(final));
    377. 

  377.   return (passwd);
    378. 

  378. }
    379. 

  379. #endif
    380. 

  380. 

  381. }
    382. 

  382.