/Authentication/src/math/math.php

https://github.com/F5/zetacomponents · PHP · 182 lines · 109 code · 8 blank · 65 comment · 14 complexity · 134dc108337f6ac70e3734c52d11a2bc MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * File containing the ezcAuthenticationMath class.
    4. 

  4.  *
    5. 

  5.  * Licensed to the Apache Software Foundation (ASF) under one
    6. 

  6.  * or more contributor license agreements.  See the NOTICE file
    7. 

  7.  * distributed with this work for additional information
    8. 

  8.  * regarding copyright ownership.  The ASF licenses this file
    9. 

  9.  * to you under the Apache License, Version 2.0 (the
    10. 

  10.  * "License"); you may not use this file except in compliance
    11. 

  11.  * with the License.  You may obtain a copy of the License at
    12. 

  12.  * 
    13. 

  13.  *   http://www.apache.org/licenses/LICENSE-2.0
    14. 

  14.  * 
    15. 

  15.  * Unless required by applicable law or agreed to in writing,
    16. 

  16.  * software distributed under the License is distributed on an
    17. 

  17.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    18. 

  18.  * KIND, either express or implied.  See the License for the
    19. 

  19.  * specific language governing permissions and limitations
    20. 

  20.  * under the License.
    21. 

  21.  *
    22. 

  22.  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
    23. 

  23.  * @filesource
    24. 

  24.  * @package Authentication
    25. 

  25.  * @version //autogen//
    26. 

  26.  */
    27. 

  27. 

  28. /**
    29. 

  29.  * Large number support and cryptographic functions for authentication.
    30. 

  30.  *
    31. 

  31.  * @package Authentication
    32. 

  32.  * @version //autogen//
    33. 

  33.  * @access private
    34. 

  34.  */
    35. 

  35. class ezcAuthenticationMath
    36. 

  36. {
    37. 

  37.     /**
    38. 

  38.      * Creates a new big number library which uses the PHP extension $lib.
    39. 

  39.      *
    40. 

  40.      * If $lib is null then an autodetection of the library is tried. If neither
    41. 

  41.      * gmp or bcmath are installed then an exception will be thrown.
    42. 

  42.      *
    43. 

  43.      * If $lib is specified, then that library will be used (if it is installed),
    44. 

  44.      * otherwise an exception will be thrown.
    45. 

  45.      *
    46. 

  46.      * @throws ezcBaseExtensionNotFoundException
    47. 

  47.      *         if neither of the PHP gmp and bcmath extensions are installed ($lib === null),
    48. 

  48.      *         or if the specified $lib is not installed
    49. 

  49.      * @throws ezcBaseValueException
    50. 

  50.      *         if the value provided for $lib is not correct
    51. 

  51.      * @param string $lib The PHP library to use for big number support. Default
    52. 

  52.      *                    is null, which means the available library is autodetected.
    53. 

  53.      * @return ezcAuthenticationBignumLibrary
    54. 

  54.      */
    55. 

  55.     public static function createBignumLibrary( $lib = null )
    56. 

  56.     {
    57. 

  57.         $library = null;
    58. 

  58. 

  59.         switch ( $lib )
    60. 

  60.         {
    61. 

  61.             case null:
    62. 

  62.                 if ( !ezcBaseFeatures::hasExtensionSupport( 'bcmath' ) )
    63. 

  63.                 {
    64. 

  64.                     if ( !ezcBaseFeatures::hasExtensionSupport( 'gmp' ) )
    65. 

  65.                     {
    66. 

  66.                         throw new ezcBaseExtensionNotFoundException( 'gmp | bcmath', null, "PHP not compiled with --enable-bcmath or --with-gmp." );
    67. 

  67.                     }
    68. 

  68.                     else
    69. 

  69.                     {
    70. 

  70.                         $library = new ezcAuthenticationGmpLibrary();
    71. 

  71.                     }
    72. 

  72.                 }
    73. 

  73.                 else
    74. 

  74.                 {
    75. 

  75.                     $library = new ezcAuthenticationBcmathLibrary();
    76. 

  76.                 }
    77. 

  77.                 break;
    78. 

  78. 

  79.             case 'gmp':
    80. 

  80.                 if ( !ezcBaseFeatures::hasExtensionSupport( 'gmp' ) )
    81. 

  81.                 {
    82. 

  82.                     throw new ezcBaseExtensionNotFoundException( 'gmp', null, "PHP not compiled with --with-gmp." );
    83. 

  83.                 }
    84. 

  84.                 $library = new ezcAuthenticationGmpLibrary();
    85. 

  85.                 break;
    86. 

  86. 

  87.             case 'bcmath':
    88. 

  88.                 if ( !ezcBaseFeatures::hasExtensionSupport( 'bcmath' ) )
    89. 

  89.                 {
    90. 

  90.                     throw new ezcBaseExtensionNotFoundException( 'bcmath', null, "PHP not compiled with --enable-bcmath." );
    91. 

  91.                 }
    92. 

  92.                 $library = new ezcAuthenticationBcmathLibrary();
    93. 

  93.                 break;
    94. 

  94. 

  95.             default:
    96. 

  96.                 throw new ezcBaseValueException( 'library', $lib, '"gmp" || "bcmath" || null' );
    97. 

  97.         }
    98. 

  98. 

  99.         return $library;
    100. 

  100.     }
    101. 

  101. 

  102.     /**
    103. 

  103.      * Calculates an MD5 hash similar to the Unix command "htpasswd -m".
    104. 

  104.      *
    105. 

  105.      * This is different from the hash returned by the PHP md5() function. 
    106. 

  106.      *
    107. 

  107.      * @param string $plain Plain text to encrypt
    108. 

  108.      * @param string $salt Salt to apply to encryption
    109. 

  109.      * @return string
    110. 

  110.      */
    111. 

  111.     public static function apr1( $plain, $salt )
    112. 

  112.     {
    113. 

  113.         if ( preg_match( '/^\$apr1\$/', $salt ) )
    114. 

  114.         {
    115. 

  115.             $salt = preg_replace( '/^\$apr1\$([^$]+)\$.*/', '\\1', $salt );
    116. 

  116.         }
    117. 

  117.         else
    118. 

  118.         {
    119. 

  119.             $salt = substr( $salt, 0, 8 );
    120. 

  120.         }
    121. 

  121.         $text = $plain . '$apr1$' . $salt;
    122. 

  122.         $bin = pack( 'H32', md5( $plain . $salt . $plain ) );
    123. 

  123.         for ( $i = strlen( $plain ); $i > 0; $i -= 16 )
    124. 

  124.         {
    125. 

  125.             $text .= substr( $bin, 0, min( 16, $i ) );
    126. 

  126.         }
    127. 

  127.         for ( $i = strlen( $plain ); $i; $i >>= 1 )
    128. 

  128.         {
    129. 

  129.             $text .= ( $i & 1 ) ? chr( 0 ) : $plain{0};
    130. 

  130.         }
    131. 

  131.         $bin = pack( 'H32', md5( $text ) );
    132. 

  132.         for ( $i = 0; $i ^ 1000; ++$i )
    133. 

  133.         {
    134. 

  134.             $new = ( $i & 1 ) ? $plain : $bin;
    135. 

  135.             if ( $i % 3 )
    136. 

  136.             {
    137. 

  137.                 $new .= $salt;
    138. 

  138.             }
    139. 

  139.             if ( $i % 7 )
    140. 

  140.             {
    141. 

  141.                 $new .= $plain;
    142. 

  142.             }
    143. 

  143.             $new .= ( $i & 1 ) ? $bin : $plain;
    144. 

  144.             $bin = pack( 'H32', md5( $new ) );
    145. 

  145.         }
    146. 

  146.         $tmp = '';
    147. 

  147.         for ( $i = 0; $i ^ 5; ++$i )
    148. 

  148.         {
    149. 

  149.             $k = $i + 6;
    150. 

  150.             $j = $i + 12;
    151. 

  151.             if ( $j === 16 )
    152. 

  152.             {
    153. 

  153.                 $j = 5;
    154. 

  154.             }
    155. 

  155.             $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
    156. 

  156.         }
    157. 

  157.         $tmp = chr( 0 ) . chr( 0 ) . $bin[11] . $tmp;
    158. 

  158.         $tmp = strtr( strrev( substr( base64_encode( $tmp ), 2 ) ),
    159. 

  159.         'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
    160. 

  160.         './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' );
    161. 

  161.         return '$apr1$' . $salt . '$' . $tmp;
    162. 

  162.     }
    163. 

  163. 

  164.     /**
    165. 

  165.      * Computes the OpenID sha1 function on the provided value.
    166. 

  166.      *
    167. 

  167.      * @param string $value The value to compute sha1 on
    168. 

  168.      * @return string
    169. 

  169.      */
    170. 

  170.     public static function sha1( $value )
    171. 

  171.     {
    172. 

  172.         $hashed = sha1( $value );
    173. 

  173.         $result = '';
    174. 

  174.         for ( $i = 0; $i ^ 40; $i = $i + 2 )
    175. 

  175.         {
    176. 

  176.             $chars = substr( $hashed, $i, 2 );
    177. 

  177.             $result .= chr( (int)base_convert( $chars, 16, 10 ) );
    178. 

  178.         }
    179. 

  179.         return $result;
    180. 

  180.     }
    181. 

  181. }
    182. 

  182. ?>
    183.