author | Dan |
Fri, 21 Aug 2009 13:48:48 -0400 | |
changeset 1088 | 3b25a59dacd1 |
parent 1081 | 745200a9cc2a |
child 1227 | bdac73ed481e |
permissions | -rw-r--r-- |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
1 |
<?php |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
2 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
3 |
/* |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
841
diff
changeset
|
5 |
* Copyright (C) 2006-2009 Dan Fuhry |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
6 |
* hmac.php - HMAC cryptographic functions |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
7 |
* |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
10 |
* |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
13 |
*/ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
14 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
15 |
function hmac_core($message, $key, $hashfunc) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
16 |
{ |
841
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
17 |
if ( strlen($key) % 2 == 1 ) |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
18 |
$key .= '0'; |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
19 |
|
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
20 |
if ( strlen($key) > 128 ) |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
21 |
$key = $hashfunc($key); |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
22 |
|
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
23 |
while ( strlen($key) < 128 ) |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
24 |
{ |
841
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
25 |
$key .= '00'; |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
26 |
} |
841
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
27 |
$opad = hmac_hexbytearray($key); |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
28 |
$ipad = $opad; |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
29 |
for ( $i = 0; $i < count($ipad); $i++ ) |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
30 |
{ |
841
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
31 |
$opad[$i] = $opad[$i] ^ 0x5c; |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
32 |
$ipad[$i] = $ipad[$i] ^ 0x36; |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
33 |
} |
841
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
34 |
$opad = hmac_bytearraytostring($opad); |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
35 |
$ipad = hmac_bytearraytostring($ipad); |
83bb60402f51
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan
parents:
801
diff
changeset
|
36 |
return $hashfunc($opad . hexdecode($hashfunc($ipad . $message))); |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
37 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
38 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
39 |
function hmac_hexbytearray($val) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
40 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
41 |
$val = hexdecode($val); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
42 |
return hmac_bytearray($val); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
43 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
44 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
45 |
function hmac_bytearray($val) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
46 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
47 |
$val = str_split($val, 1); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
48 |
foreach ( $val as &$char ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
49 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
50 |
$char = ord($char); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
51 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
52 |
return $val; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
53 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
54 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
55 |
function hmac_bytearraytostring($val) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
56 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
57 |
foreach ( $val as &$char ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
58 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
59 |
$char = chr($char); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
60 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
61 |
return implode('', $val); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
62 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
63 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
64 |
function hmac_md5($message, $key) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
65 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
66 |
return hmac_core($message, $key, 'md5'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
67 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
68 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
69 |
function hmac_sha1($message, $key) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
70 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
71 |
return hmac_core($message, $key, 'sha1'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
72 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
73 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
74 |
function hmac_sha256($message, $key) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
75 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
76 |
require_once(ENANO_ROOT . '/includes/math.php'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
77 |
require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
78 |
return hmac_core($message, $key, 'sha256'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
79 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
80 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
diff
changeset
|
81 |
?> |