function HashPassword($password)
{
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$hash = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt);
return $hash;
}
/**
* Generate the new key
*
* @param string $hash The hash algorithm to be used by HMAC
* @param string $password The source password/key
* @param int $bytes The output size in bytes
* @param string $salt The salt of the algorithm
* @throws Exception\InvalidArgumentException
* @return string
*/
public static function calc($hash, $password, $salt, $bytes)
{
if (!in_array($hash, array_keys(static::$supportedMhashAlgos))) {
throw new Exception\InvalidArgumentException("The hash algorihtm {$hash} is not supported by " . __CLASS__);
}
if (strlen($salt) < 8) {
throw new Exception\InvalidArgumentException('The salt size must be at least of 8 bytes');
}
return mhash_keygen_s2k(static::$supportedMhashAlgos[$hash], $password, $salt, $bytes);
}
/**
* nv_Crypt::hash()
*
* @param mixed $data
* @param bool $is_salt
* @return
*/
public function hash($data, $is_salt = false)
{
$inner = pack('H32', call_user_func($this->_func, $this->_ipad . $data));
$digest = call_user_func($this->_func, $this->_opad . $inner);
if (!$is_salt) {
return $digest;
}
$mhast = constant('MHASH_' . strtoupper($this->_func));
$salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
$salt = mhash_keygen_s2k($mhast, $digest, substr(pack('h*', md5($salt)), 0, 8), 4);
$hash = strtr(base64_encode(mhash($mhast, $digest . $salt) . $salt), '+/=', '-_,');
return $hash;
}
function ssha($pass)
{
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $pass, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
return base64_encode(mhash(MHASH_SHA1, $pass . $salt) . $salt);
}
function encode_password($password = '', $encoding = '')
{
if ($encoding == '') {
$encoding = $this->password_encryption;
}
if (strcasecmp($encoding, "clear") == 0) {
$encodedpass = $password;
} elseif (strcasecmp($encoding, "crypt") == 0) {
$encodedpass = "******" . crypt($password);
} elseif (strcasecmp($encoding, "md5") == 0) {
$encodedpass = "******" . base64_encode(pack("H*", md5($password)));
} elseif (strcasecmp($encoding, "ssha") == 0) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, mb_substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$encodedpass = "******" . base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt);
} else {
return false;
exit;
}
return $encodedpass;
}
/**
* Code originaly from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* Hashes a password and returns the hash based on the specified enc_type
*/
static function hash_password($password_clear, $encodage_type)
{
$encodage_type = strtolower($encodage_type);
switch ($encodage_type) {
case 'crypt':
$crypted_password = '******' . crypt($password_clear, self::random_salt(2));
break;
case 'ext_des':
/* Extended DES crypt. see OpenBSD crypt man page */
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
/* Your system crypt library does not support extended DES encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '_' . self::random_salt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
/* Your system crypt library does not support md5crypt encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '$1$' . self::random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
/* Your system crypt library does not support blowfish encryption */
return false;
}
/* Hardcoded to second blowfish version and set number of rounds */
$crypted_password = '******' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
break;
case 'md5':
$crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'sha':
if (function_exists('sha1')) {
/* Use PHP 4.3.0+ sha1 function, if it is available */
$crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
} else {
if (function_exists('hash')) {
$crypted_password = '******' . base64_encode(hash('sha1', $password_clear, true));
} else {
if (function_exists('mhash')) {
$crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
/* Your PHP install does not have the mhash()/hash() nor sha1() function */
return false;
}
}
}
break;
case 'ssha':
mt_srand((double) microtime() * 1000000);
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
$password = mhash(MHASH_MD5, $password_clear . $salt);
} else {
if (function_exists('sha1')) {
$salt = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);
$password = sha1($password_clear . $salt, true);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('sha1', $salt . $password_clear)), 0, 4);
$password = hash('sha1', $password_clear . $salt, true);
}
}
}
if ($password) {
$crypted_password = '******' . base64_encode($password . $salt);
} else {
/* Your PHP install does not have the mhash()/hash() nor sha1() function */
return false;
}
break;
case 'smd5':
mt_srand((double) microtime() * 1000000);
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, $salt, 4);
$password = mhash(MHASH_MD5, $password_clear . $salt);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('md5', $salt . $password_clear)), 0, 4);
$password = hash('md5', $password_clear . $salt, true);
} else {
$salt = substr(pack("H*", md5($salt . $password_clear)), 0, 4);
$password = md5($password_clear . $salt, true);
}
}
$crypted_password = '******' . base64_encode($password . $salt);
break;
case 'samba':
if (function_exists('hash')) {
$crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
$crypted_password = strtoupper($crypted_password);
} else {
/* Your PHP install does not have the hash() function */
return false;
}
break;
case 'ad':
$crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
break;
case 'clear':
default:
$crypted_password = $password_clear;
}
return $crypted_password;
}
public function keygen($length)
{
return mhash_keygen_s2k(MHASH_MD5, md5(mt_rand()), md5(mt_rand()), $length);
}
/**
* Hashes a password and returns the hash based on the specified method
*
* Parts of the code originally from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* @param string Clear password
* @param string Hashing method
* @param bool|string Prefix string or TRUE to add a default prefix
*
* @return string Hashed password
*/
static function hash_password($password, $method = '', $prefixed = true)
{
$method = strtolower($method);
$rcmail = rcmail::get_instance();
if (empty($method) || $method == 'default') {
$method = $rcmail->config->get('password_algorithm');
$prefixed = $rcmail->config->get('password_algorithm_prefix');
$default = true;
} else {
if ($method == 'crypt') {
// deprecated
if (!($method = $rcmail->config->get('password_crypt_hash'))) {
$method = 'md5';
}
if (!strpos($method, '-crypt')) {
$method .= '-crypt';
}
}
}
switch ($method) {
case 'des':
case 'des-crypt':
$crypted = crypt($password, self::random_salt(2));
$prefix = '{CRYPT}';
break;
case 'ext_des':
// for BC
// for BC
case 'ext-des-crypt':
$crypted = crypt($password, '_' . self::random_salt(8));
$prefix = '{CRYPT}';
break;
case 'md5crypt':
// for BC
// for BC
case 'md5-crypt':
$crypted = crypt($password, '$1$' . self::random_salt(9));
$prefix = '{CRYPT}';
break;
case 'sha256-crypt':
$crypted = crypt($password, '$5$' . self::random_salt(16));
$prefix = '{CRYPT}';
break;
case 'sha512-crypt':
$crypted = crypt($password, '$6$' . self::random_salt(16));
$prefix = '{CRYPT}';
break;
case 'blowfish':
// for BC
// for BC
case 'blowfish-crypt':
$cost = (int) $rcmail->config->get('password_blowfish_cost');
$cost = $cost < 4 || $cost > 31 ? 12 : $cost;
$prefix = sprintf('$2a$%02d$', $cost);
$crypted = crypt($password, $prefix . self::random_salt(22));
$prefix = '{CRYPT}';
break;
case 'md5':
$crypted = base64_encode(pack('H*', md5($password)));
$prefix = '{MD5}';
break;
case 'sha':
if (function_exists('sha1')) {
$crypted = pack('H*', sha1($password));
} else {
if (function_exists('hash')) {
$crypted = hash('sha1', $password, true);
} else {
if (function_exists('mhash')) {
$crypted = mhash(MHASH_SHA1, $password);
} else {
rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"), true, true);
}
}
}
$crypted = base64_encode($crypted);
$prefix = '{SHA}';
break;
case 'ssha':
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, $salt, 4);
$crypted = mhash(MHASH_SHA1, $password . $salt);
} else {
if (function_exists('sha1')) {
$salt = substr(pack("H*", sha1($salt . $password)), 0, 4);
$crypted = sha1($password . $salt, true);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('sha1', $salt . $password)), 0, 4);
$crypted = hash('sha1', $password . $salt, true);
} else {
rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"), true, true);
}
}
}
$crypted = base64_encode($crypted . $salt);
$prefix = '{SSHA}';
break;
case 'smd5':
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 4);
$crypted = mhash(MHASH_MD5, $password . $salt);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('md5', $salt . $password)), 0, 4);
$crypted = hash('md5', $password . $salt, true);
} else {
$salt = substr(pack("H*", md5($salt . $password)), 0, 4);
$crypted = md5($password . $salt, true);
}
}
$crypted = base64_encode($crypted . $salt);
$prefix = '{SMD5}';
break;
case 'samba':
if (function_exists('hash')) {
$crypted = hash('md4', rcube_charset::convert($password, RCUBE_CHARSET, 'UTF-16LE'));
$crypted = strtoupper($crypted_password);
} else {
rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Your PHP install does not have hash() function"), true, true);
}
break;
case 'ad':
$crypted = rcube_charset::convert('"' . $password . '"', RCUBE_CHARSET, 'UTF-16LE');
break;
case 'cram-md5':
// deprecated
require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
$crypted = dovecot_hmacmd5($password);
$prefix = '{CRAM-MD5}';
break;
case 'dovecot':
if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
$dovecotpw = 'dovecotpw';
}
if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
$method = 'CRAM-MD5';
}
// use common temp dir
$tmp_dir = $rcmail->config->get('temp_dir');
$tmpfile = tempnam($tmp_dir, 'roundcube-');
$pipe = popen("{$dovecotpw} -s '{$method}' > '{$tmpfile}'", "w");
if (!$pipe) {
unlink($tmpfile);
return false;
} else {
fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
usleep(1000);
fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
pclose($pipe);
$crypted = trim(file_get_contents($tmpfile), "\n");
unlink($tmpfile);
if (!preg_match('/^\\{' . $method . '\\}/', $newpass)) {
return false;
}
if (!$default) {
$prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
}
if (!$prefixed) {
$crypted = trim(str_replace('{' . $method . '}', '', $crypted));
}
$prefixed = false;
}
break;
case 'hash':
// deprecated
if (!extension_loaded('hash')) {
rcube::raise_error(array('code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: 'hash' extension not loaded!"), true, true);
}
if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
$hash_algo = 'sha1';
}
$crypted = hash($hash_algo, $password);
if ($rcmail->config->get('password_hash_base64')) {
$crypted = base64_encode(pack('H*', $crypted));
}
break;
case 'clear':
$crypted = $password;
}
if ($crypted === null || $crypted === false) {
return false;
}
if ($prefixed && $prefixed !== true) {
$prefix = $prefixed;
$prefixed = true;
}
if ($prefixed === true && $prefix) {
$crypted = $prefix . $crypted;
}
return $crypted;
}
/**
* Code originaly from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string $passwordClear The password to hash in clear text.
* @param string $encodageType Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
* @return string The hashed password.
*
*/
function hashPassword($passwordClear, $encodageType)
{
$encodageType = strtolower($encodageType);
switch ($encodageType) {
case 'crypt':
$cryptedPassword = '******' . crypt($passwordClear, randomSalt(2));
break;
case 'ext_des':
// extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
// Your system crypt library does not support extended DES encryption.
return FALSE;
}
$cryptedPassword = '******' . crypt($passwordClear, '_' . randomSalt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
// Your system crypt library does not support md5crypt encryption.
return FALSE;
}
$cryptedPassword = '******' . crypt($passwordClear, '$1$' . randomSalt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
// Your system crypt library does not support blowfish encryption.
return FALSE;
}
// hardcoded to second blowfish version and set number of rounds
$cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . randomSalt(13));
break;
case 'md5':
$cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear)));
break;
case 'sha':
if (function_exists('sha1')) {
// use php 4.3.0+ sha1 function, if it is available.
$cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear)));
} elseif (function_exists('mhash')) {
$cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear));
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt);
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$cryptedPassword = '******' . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt);
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'samba':
if (function_exists('hash')) {
$cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE'));
$cryptedPassword = strtoupper($cryptedPassword);
} else {
/* Your PHP install does not have the hash() function */
return false;
}
break;
case 'clear':
default:
$cryptedPassword = $passwordClear;
}
return $cryptedPassword;
}
/**
* Returns a salt for the appropriate kind of password encryption.
* Optionally takes a seed and a plaintext password, to extract the seed
* of an existing password, or for encryption types that use the plaintext
* in the generation of the salt.
*
* @param string $encryption The kind of password encryption to use.
* Defaults to md5-hex.
* @param string $seed The seed to get the salt from (probably a
* previously generated password). Defaults to
* generating a new seed.
* @param string $plaintext The plaintext password that we're generating
* a salt for. Defaults to none.
*
* @return string The generated or extracted salt.
*
* @since 11.1
*/
public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
{
// Encrypt the password.
switch ($encryption) {
case 'crypt':
case 'crypt-des':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2);
} else {
return substr(md5(mt_rand()), 0, 2);
}
break;
case 'crypt-md5':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12);
} else {
return '$1$' . substr(md5(mt_rand()), 0, 8) . '$';
}
break;
case 'crypt-blowfish':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16);
} else {
return '$2$' . substr(md5(mt_rand()), 0, 12) . '$';
}
break;
case 'ssha':
if ($seed) {
return substr(preg_replace('|^{SSHA}|', '', $seed), -20);
} else {
return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
}
break;
case 'smd5':
if ($seed) {
return substr(preg_replace('|^{SMD5}|', '', $seed), -16);
} else {
return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
}
break;
case 'aprmd5':
/* 64 characters that are valid for APRMD5 passwords. */
$APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($seed) {
return substr(preg_replace('/^\\$apr1\\$(.{8}).*/', '\\1', $seed), 0, 8);
} else {
$salt = '';
for ($i = 0; $i < 8; $i++) {
$salt .= $APRMD5[rand(0, 63)];
}
return $salt;
}
break;
default:
$salt = '';
if ($seed) {
$salt = $seed;
}
return $salt;
break;
}
}
<?php
$supported_hash_al = array("MHASH_MD5" => "8690154eaf9432cde9347aa15094b9c046eb06e6a0940c5479aa7a6367ae68b5e0e0745e5709fede2d9fe9739d9aad413759faa73acced821077b4ddb2788064e371eb53b3a9d55ed2839aab2655c82cfedbe83a208461c799d9d77ae481061c81539b01", "MHASH_SHA1" => "dd315c70061d07455d53c2fb0b08df0c61aa665c1ab1a701fa10955423248ba832a5ade406b39b78630aba3d1688e622494a0eae279d4ece9ad4bdf76e878fcb084a33c9153c2b48131d30a75b00a7c05b91f1ffeabf59bb1271c4d8a11990b84baf6d49", "MHASH_HAVAL256" => "0ede47009f87d5e9a24ecf5077d60c483657a5d98404ab2bb780f5872c90caf61c0d67645a848e55fee107296f4169c95b4e61f0aeeefab2648554c1171fb0a2fc32aa5aeed3d5c155d334367d4959622cdadefe43ae17bd1a75f9d4fef77bf192be5b78", "MHASH_HAVAL224" => "5c4aff3d825ad608f608c8eae779ee3868610bc60a98f3d770b311a6677c797fc2dadcab71dde0c0191e068397ab297f0de5cbbc6cbcd0c78ca8470c42401f6b77e81dc2ba8d51930ff982760335324fb850ac2d30b73514004c096d60472d320e0ec349", "MHASH_HAVAL192" => "22e0c27126023c852ef94107bb2f1ee132b064178b9dcbfb1c32e658760b8f70bdc5b1c52599031628c2433bee2b0870ab7a38aeb21215134ec1088975b9a96487642971ef9eb3d987baf9765fd9e6d64d494e1719aa84afe7e0a0784c74979ebab1c787", "MHASH_HAVAL160" => "d6e5f0ef07f3facced646eedb6364758ecde6dc6fb061e00a496f5ceb723f78ea135884d9682226ded69c11d8431240ef97cad583c4f29593bbf3dd3cab0b8792eb3d86022ca6002ebd0d9b4429909d4af85bed2b5a96b3e47b9b8cac919c1177ec40d7e", "MHASH_RIPEMD160" => "e4d5db469af29f78e2b90dc735c9cf020a1d5b19a6674458677794d4dca144d426c562aff98d8e866a8a924299ebf6b0ea9a1637f987a1fb5de9b647edc35b1447605e1babc3084be7a003931117eb33432d4142e225df044b033f3ff64bb4a18682a4f9", "MHASH_GOST" => "c044f669bd7e8643953d77c682fd179242d9df157dadf873be4d9601e4647c018234689359e7220ab0492a6240d184c478634073dea87f79be7f86fd4e2564f7d709b68a46440a121250e00fc7d57d45a9c07ee23a704ff4148c0dad7077ec527b194d87", "MHASH_TIGER" => "470aca9d7bc9ea67e46402332f26f6b15532fe6037231cce297912d32f5142f6276b2358e7f1ccba8b116ec0c0c2a46845f7a5042f0ee41906c0db9ba9b80f82181720314d2a70981bba79da4bc9c4564d95f8d709d5604fd48d369797a218a862196f48", "MHASH_CRC32" => "481c40148c26185f9a59ef18e86f51c5d2d0315b46711d22ae08c1ccdd669fe956c817380815e3a545f6ee453c9da48d1d994dbc3ac8ba85a572108412f06b2a16b1489cda75b118e82f7d9bdfdb68336957bbf19e4a3f76750d6985a53dd557229dfcf3", "MHASH_CRC32B" => "65ab6cb5fb7d3ea67f5da92a9bd746b6628a13368fcbcd43af49092e9c6a960fd030a5ce3c1f0ddb512ec698be96e77969748db66278b0fd837d24d8c898f50bd70993b48cc8accf4b44c54431e91385ddf04c7560a1a7368fc9e6f763457c90b07f04f1");
foreach ($supported_hash_al as $hash => $wanted) {
$passwd = str_repeat($hash, 10);
$salt = str_repeat($hash, 2);
$result = mhash_keygen_s2k(constant($hash), $passwd, $salt, 100);
if (!strcmp(bin2hex($result), $wanted)) {
echo "{$hash}\nok\n";
} else {
echo "{$hash}: ";
var_dump($wanted);
echo "{$hash}: ";
var_dump(bin2hex($result));
}
echo "\n";
}
/**
* Stores this Crypt_KeyStore to the given output stream, and protects its
* integrity with the given password.
*
* @param string $filename path and file name of key store file
* @param string $password password used encrypt key store
* @param array $options store options
*
* @return void
*/
public function store($filename, $password, $options = array())
{
try {
// open the file in write mode, truncate any existing file, and go to
// the beginning
$fd = fopen($filename, 'w');
if ($fd == false) {
throw new Crypt_KeyStore_Exception("Failed to open key store");
}
$processedOpts = $this->_processSymmetricOptions($options);
/* Open the cipher */
$td = mcrypt_module_open($processedOpts[self::OPT_CIPHER], '', $processedOpts[self::OPT_MODE], '');
// Create the IV and determine the keysize length, use MCRYPT_RAND
// on Windows instead
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$salt = substr(pack('H*', md5(mt_rand())), 0, $processedOpts[self::OPT_SALTSIZE]);
/* Create key */
$enc_key = mhash_keygen_s2k($processedOpts[self::OPT_HASH], $password, $salt, mcrypt_enc_get_key_size($td));
/* Intialize encryption */
mcrypt_generic_init($td, $enc_key, $iv);
// the file contents will have 16 bytes of data - the IV and the
// key salt so we can decrypt the file later
fwrite($fd, bin2hex($iv));
fwrite($fd, bin2hex($salt));
foreach ($this->_entries as $alias => $entry) {
// each entry is stored as:
// |alias,type,encrypted_size_in_bytes,key algorithm,
// keysize,hex-encoded encrypted_data|
$strEntry = "" . $entry;
$entryType = $entry->getEntryType();
fwrite($fd, "|");
fwrite($fd, $alias);
fwrite($fd, ",");
fwrite($fd, $entryType);
fwrite($fd, ",");
fwrite($fd, count($strEntry));
fwrite($fd, ",");
switch ($entryType) {
case Crypt_KeyStore_BaseEntry::PRIVATEKEY_TYPE:
$algo = $entry->getPrivateKey()->getAlgorithm();
$keysize = $entry->getPrivateKey()->getSize();
break;
case Crypt_KeyStore_BaseEntry::SECRETKEY_TYPE:
$algo = $entry->getSecretKey()->getAlgorithm();
$keysize = $entry->getSecretKey()->getSize();
break;
case Crypt_KeyStore_BaseEntry::TRUSTEDCERT_TYPE:
$algo = '';
$keysize = 0;
break;
}
fwrite($fd, $algo);
fwrite($fd, ",");
fwrite($fd, $keysize);
fwrite($fd, ",");
fwrite($fd, bin2hex(mcrypt_generic($td, $strEntry)));
fwrite($fd, "|");
}
/* Terminate encryption handler */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// close file desc
fclose($fd);
} catch (Crypt_KeyStore_Exception $e) {
throw $e;
} catch (Exception $e) {
// general exception handler
throw new Crypt_KeyStore_Exception($e);
}
return;
}
/**
* create hashed password
* @param string $pass plain text password
* @param string $crypto used crypto algorithm
* @param array $msgs array used for error messages
* @param string $forced_salt salt that should be used during hashing.
* Is used only when is not set to empty string. Salt should be formated
* according to $crypto requirements.
* @return hashed password or false.
*/
function cpw_ldap_password_hash($pass, $crypto, &$msgs, $forced_salt = '')
{
// set default return code
$ret = false;
// lowercase crypto just in case
$crypto = strtolower($crypto);
// extra symbols used for random string in crypt salt
// squirrelmail GenerateRandomString() adds alphanumerics with third argument = 7.
$extra_salt_chars = './';
// encrypt/hash password
switch ($crypto) {
case 'md4':
// minimal requirement = php with mhash extension
if (function_exists('mhash') && defined('MHASH_MD4')) {
$ret = '{MD4}' . base64_encode(mhash(MHASH_MD4, $pass));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'md4'), _("PHP mhash extension is missing or does not support selected crypto."));
}
break;
case 'md5':
$ret = '{MD5}' . base64_encode(pack('H*', md5($pass)));
break;
case 'smd5':
// minimal requirement = mhash extension with md5 support and php 4.0.4.
if (function_exists('mhash') && function_exists('mhash_keygen_s2k') && defined('MHASH_MD5')) {
if ($forced_salt != '') {
$salt = $forced_salt;
} else {
$salt = mhash_keygen_s2k(MHASH_MD5, $pass, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
}
$ret = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $pass . $salt) . $salt);
} else {
// use two array_push calls in order to display messages in different lines.
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'smd5'), _("PHP mhash extension is missing or does not support selected crypto."));
}
break;
case 'rmd160':
// minimal requirement = php with mhash extension
if (function_exists('mhash') && defined('MHASH_RIPEMD160')) {
$ret = '{RMD160}' . base64_encode(mhash(MHASH_RIPEMD160, $pass));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ripe-md160'), _("PHP mhash extension is missing or does not support selected crypto."));
}
break;
case 'sha':
// minimal requirement = php 4.3.0+ or php with mhash extension
if (function_exists('sha1') && defined('MHASH_SHA1')) {
// use php 4.3.0+ sha1 function, if it is available.
$ret = '{SHA}' . base64_encode(pack('H*', sha1($pass)));
} elseif (function_exists('mhash')) {
$ret = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $pass));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'sha'), _("PHP mhash extension is missing or does not support selected crypto."));
}
break;
case 'ssha':
// minimal requirement = mhash extension and php 4.0.4
if (function_exists('mhash') && function_exists('mhash_keygen_s2k') && defined('MHASH_SHA1')) {
if ($forced_salt != '') {
$salt = $forced_salt;
} else {
$salt = mhash_keygen_s2k(MHASH_SHA1, $pass, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
}
$ret = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $pass . $salt) . $salt);
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ssha'), _("PHP mhash extension is missing or does not support selected crypto."));
}
break;
case 'crypt':
if (defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1) {
$ret = '{CRYPT}' . crypt($pass, GenerateRandomString(2, $extra_salt_chars, 7));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'crypt'), _("System crypt library doesn't support standard DES crypt."));
}
break;
case 'md5crypt':
// check if crypt() supports md5
if (defined('CRYPT_MD5') && CRYPT_MD5 == 1) {
$ret = '{CRYPT}' . crypt($pass, '$1$' . GenerateRandomString(9, $extra_salt_chars, 7));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'md5crypt'), _("System crypt library doesn't have MD5 support."));
}
break;
case 'extcrypt':
// check if crypt() supports extended des
if (defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1) {
$ret = '{CRYPT}' . crypt($pass, '_' . GenerateRandomString(8, $extra_salt_chars, 7));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'ext_des'), _("System crypt library doesn't support extended DES crypt."));
}
break;
case 'blowfish':
// check if crypt() supports blowfish
if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) {
$ret = '{CRYPT}' . crypt($pass, '$2a$12$' . GenerateRandomString(13, $extra_salt_chars, 7));
} else {
array_push($msgs, sprintf(_("Unsupported crypto: %s"), 'Blowfish'), _("System crypt library doesn't have Blowfish support."));
}
break;
case 'plaintext':
// clear plain text password
$ret = $pass;
break;
default:
array_push($msgs, sprintf(_("Unsupported crypto: %s"), is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : _("unknown")));
}
return $ret;
}
/**
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string The password to hash in clear text.
* @param string Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
* @return string The hashed password.
*/
function pla_password_hash($password_clear, $enc_type)
{
if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs);
}
$enc_type = strtolower($enc_type);
switch ($enc_type) {
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php');
}
# Hardcoded to second blowfish version and set number of rounds
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$2a$12$' . random_salt(13)));
break;
case 'crypt':
if ($_SESSION[APPCONFIG]->getValue('password', 'no_random_crypt_salt')) {
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, substr($password_clear, 0, 2)));
} else {
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, random_salt(2)));
}
break;
case 'ext_des':
# Extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php');
}
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '_' . random_salt(8)));
break;
case 'k5key':
$new_value = sprintf('{K5KEY}%s', $password_clear);
system_message(array('title' => _('Unable to Encrypt Password'), 'body' => 'phpLDAPadmin cannot encrypt K5KEY passwords', 'type' => 'warn'));
break;
case 'md5':
$new_value = sprintf('{MD5}%s', base64_encode(pack('H*', md5($password_clear))));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php');
}
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$1$' . random_salt(9)));
break;
case 'sha':
# Use php 4.3.0+ sha1 function, if it is available.
if (function_exists('sha1')) {
$new_value = sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password_clear))));
} elseif (function_exists('mhash')) {
$new_value = sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear)));
} else {
error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$new_value = sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt));
} else {
error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$new_value = sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt));
} else {
error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
}
break;
case 'sha512':
if (function_exists('openssl_digest') && function_exists('base64_encode')) {
$new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
} else {
error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '), 'error', 'index.php');
}
break;
case 'clear':
default:
$new_value = $password_clear;
}
return $new_value;
}
/**
* Returns a salt for the appropriate kind of password encryption.
* Optionally takes a seed and a plaintext password, to extract the seed
* of an existing password, or for encryption types that use the plaintext
* in the generation of the salt.
*
* @param string $encryption The kind of password encryption to use.
* Defaults to md5-hex.
* @param string $seed The seed to get the salt from (probably a
* previously generated password). Defaults to
* generating a new seed.
* @param string $plaintext The plaintext password that we're generating
* a salt for. Defaults to none.
*
* @return string The generated or extracted salt.
*
* @since 11.1
* @note Default $encryption will be changed to 'bcrypt' in CMS 3.2 and will at
* the type used by the PHP PASSWORD_DEFAULT constant until 5.5 is the minimum
* version required. At that point the default will be PASSWORD_DEFAULT.
*/
public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
{
// Encrypt the password.
switch ($encryption) {
case 'crypt':
case 'crypt-des':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2);
} else {
return substr(md5(mt_rand()), 0, 2);
}
break;
case 'sha256':
if ($seed) {
return preg_replace('|^{sha256}|i', '', $seed);
} else {
return static::genRandomPassword(16);
}
break;
case 'crypt-md5':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12);
} else {
return '$1$' . substr(md5(JCrypt::genRandomBytes()), 0, 8) . '$';
}
break;
case 'crypt-blowfish':
if ($seed) {
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16);
} else {
return '$2$' . substr(md5(JCrypt::genRandomBytes()), 0, 12) . '$';
}
break;
case 'ssha':
if ($seed) {
return substr(preg_replace('|^{SSHA}|', '', $seed), -20);
} else {
return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(JCrypt::genRandomBytes())), 0, 8), 4);
}
break;
case 'smd5':
if ($seed) {
return substr(preg_replace('|^{SMD5}|', '', $seed), -16);
} else {
return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(JCrypt::genRandomBytes())), 0, 8), 4);
}
break;
case 'aprmd5':
/* 64 characters that are valid for APRMD5 passwords. */
$APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($seed) {
return substr(preg_replace('/^\\$apr1\\$(.{8}).*/', '\\1', $seed), 0, 8);
} else {
$salt = '';
for ($i = 0; $i < 8; $i++) {
$salt .= $APRMD5[rand(0, 63)];
}
return $salt;
}
break;
// BCrypt is aliased because a BCrypt has may be requested when it is not present, and so it falls back to
// the default behavior of generating a salt.
// BCrypt is aliased because a BCrypt has may be requested when it is not present, and so it falls back to
// the default behavior of generating a salt.
case 'bcrypt':
default:
$salt = '';
if ($seed) {
$salt = $seed;
}
return $salt;
break;
}
}
<?php
list($hmac, $iv, $encrypted) = explode(':', $output);
$iv = base64_decode($iv);
$encrypted = base64_decode($encrypted);
$macKey = mhash_keygen_s2k(MHASH_SHA256, $key, $iv, 32);
$newHmac = hash_hmac('sha256', $iv . MCRYPT_BLOWFISH . $encrypted, $macKey);
if ($hmac !== $newHmac) {
die('Autenticazione fallita, impossibile procedere.');
}
$decrypt = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $encrypted, MCRYPT_MODE_CBC, $iv);
$data = rtrim($decrypt, "");
private static function generate_password($password, $encryptionType)
{
switch (strtolower($encryptionType)) {
case 'blowfish':
if (defined('CRYPT_BLOWFISH') == false || CRYPT_BLOWFISH == 0) {
throw new \Exception(yii::t('yii', 'Your system crypt library does not support blowfish encryption'));
}
# Hardcoded to second blowfish version and set number of rounds
return sprintf('{CRYPT}%s', crypt($password, '$2a$12$' . self::random_salt(13)));
break;
case 'crypt':
//$new_value = sprintf('{CRYPT}%s',crypt($password_clear,substr($password_clear,0,2)));
return sprintf('{CRYPT}%s', crypt($password, self::random_salt(2)));
break;
case 'ext_des':
# Extended des crypt. see OpenBSD crypt man page.
if (defined('CRYPT_EXT_DES') == false || CRYPT_EXT_DES == 0) {
throw new \Exception(yii::t('yii', 'Your system crypt library does not support extended DES encryption'));
}
return sprintf('{CRYPT}%s', crypt($password, '_' . self::random_salt(8)));
break;
case 'k5key':
return sprintf('{K5KEY}%s', $password);
break;
case 'md5':
return sprintf('{MD5}%s', base64_encode(pack('H*', md5($password))));
break;
case 'md5crypt':
if (defined('CRYPT_MD5') == false || CRYPT_MD5 == 0) {
throw new \Exception(yii::t('yii', 'Your system crypt library does not support md5crypt encryption'));
}
return sprintf('{CRYPT}%s', crypt($password, '$1$' . self::random_salt(9)));
break;
case 'sha':
# Use php 4.3.0+ sha1 function, if it is available.
if (function_exists('sha1') == true) {
return sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password))));
} elseif (function_exists('mhash')) {
return sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password)));
} else {
throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() function. Cannot do SHA hashes'));
}
break;
case 'ssha':
if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
return sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password . $salt) . $salt));
} else {
throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
}
break;
case 'smd5':
if (function_exists('mhash') == true && function_exists('mhash_keygen_s2k') == true) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
return sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password . $salt) . $salt));
} else {
throw new \Exception(yii::t('yii', 'Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes'));
}
break;
case 'sha512':
if (function_exists('openssl_digest') == true && function_exists('base64_encode') == true) {
return sprintf('{SHA512}%s', base64_encode(openssl_digest($password, 'sha512', true)));
} else {
throw new \Exception(yii::t('yii', 'Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes'));
}
break;
case 'clear':
default:
return $password;
}
}
/**
* Code originaly from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* Hashes a password and returns the hash based on the specified enc_type
*/
static function hash_password($password_clear, $encodage_type)
{
$encodage_type = strtolower($encodage_type);
switch ($encodage_type) {
case 'crypt':
$crypted_password = '******' . crypt($password_clear, self::random_salt(2));
break;
case 'ext_des':
/* Extended DES crypt. see OpenBSD crypt man page */
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
/* Your system crypt library does not support extended DES encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '_' . self::random_salt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
/* Your system crypt library does not support md5crypt encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '$1$' . self::random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
/* Your system crypt library does not support blowfish encryption */
return false;
}
$rcmail = rcmail::get_instance();
$cost = (int) $rcmail->config->get('password_blowfish_cost');
$cost = $cost < 4 || $cost > 31 ? 12 : $cost;
$prefix = sprintf('$2a$%02d$', $cost);
$crypted_password = '******' . crypt($password_clear, $prefix . self::random_salt(22));
break;
case 'md5':
$crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'sha':
if (function_exists('sha1')) {
/* Use PHP 4.3.0+ sha1 function, if it is available */
$crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
} else {
if (function_exists('hash')) {
$crypted_password = '******' . base64_encode(hash('sha1', $password_clear, true));
} else {
if (function_exists('mhash')) {
$crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
/* Your PHP install does not have the mhash()/hash() nor sha1() function */
return false;
}
}
}
break;
case 'ssha':
mt_srand((double) microtime() * 1000000);
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
$password = mhash(MHASH_SHA1, $password_clear . $salt);
} else {
if (function_exists('sha1')) {
$salt = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);
$password = sha1($password_clear . $salt, true);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('sha1', $salt . $password_clear)), 0, 4);
$password = hash('sha1', $password_clear . $salt, true);
}
}
}
if ($password) {
$crypted_password = '******' . base64_encode($password . $salt);
} else {
/* Your PHP install does not have the mhash()/hash() nor sha1() function */
return false;
}
break;
case 'smd5':
mt_srand((double) microtime() * 1000000);
$salt = substr(pack('h*', md5(mt_rand())), 0, 8);
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, $salt, 4);
$password = mhash(MHASH_MD5, $password_clear . $salt);
} else {
if (function_exists('hash')) {
$salt = substr(pack("H*", hash('md5', $salt . $password_clear)), 0, 4);
$password = hash('md5', $password_clear . $salt, true);
} else {
$salt = substr(pack("H*", md5($salt . $password_clear)), 0, 4);
$password = md5($password_clear . $salt, true);
}
}
$crypted_password = '******' . base64_encode($password . $salt);
break;
case 'samba':
if (function_exists('hash')) {
$crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
$crypted_password = strtoupper($crypted_password);
} else {
/* Your PHP install does not have the hash() function */
return false;
}
break;
case 'ad':
$crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
break;
case 'cram-md5':
require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
return dovecot_hmacmd5($password_clear);
break;
case 'clear':
default:
$crypted_password = $password_clear;
}
return $crypted_password;
}
/**
* Encrypts the password
* @param string $passwd
* @returns string
*/
protected function encryptPassword($passwd)
{
# http://www.openldap.org/doc/admin24/security.html#Password%20Storage
switch (strtolower($this->options['encrypt'])) {
case 'md5':
return '{MD5}' . md5($passwd);
case 'plaintext':
return $passwd;
case 'SSHA':
/* code stolen gratefyllu from http://www.php.net/manual/en/function.sha1.php#40226*/
$salt = mhash_keygen_s2k(MHASH_SHA1, $passwd, substr(pack('h*', md5($this->options('salt'))), 0, 8), 4);
return "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $passwd . $salt) . $salt);
case 'SHA':
/* code stolen gratefuly from http://www.openldap.org/faq/data/cache/347.html */
return "{SHA}" . base64_encode(pack("H*", sha1($passwd)));
}
}
/**
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string $password_clear The password to hash in clear text.
* @param string $enc_type Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
* @return string The hashed password.
*/
function password_hash($password_clear, $enc_type)
{
if (DEBUG_ENABLED) {
debug_log('password_hash(): Entered with (%s,%s)', 1, $password_clear, $enc_type);
}
$enc_type = strtolower($enc_type);
switch ($enc_type) {
case 'crypt':
$new_value = '{CRYPT}' . crypt($password_clear, random_salt(2));
break;
case 'ext_des':
// extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
pla_error(_('Your system crypt library does not support extended DES encryption.'));
}
$new_value = '{CRYPT}' . crypt($password_clear, '_' . random_salt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
pla_error(_('Your system crypt library does not support md5crypt encryption.'));
}
$new_value = '{CRYPT}' . crypt($password_clear, '$1$' . random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
pla_error(_('Your system crypt library does not support blowfish encryption.'));
}
// hardcoded to second blowfish version and set number of rounds
$new_value = '{CRYPT}' . crypt($password_clear, '$2a$12$' . random_salt(13));
break;
case 'md5':
$new_value = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'sha':
if (function_exists('sha1')) {
// use php 4.3.0+ sha1 function, if it is available.
$new_value = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
} elseif (function_exists('mhash')) {
$new_value = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$new_value = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$new_value = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'clear':
default:
$new_value = $password_clear;
}
return $new_value;
}
/**
* Code originaly from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string $passwordClear The password to hash in clear text.
* @param string $encodageType Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
* @return string The hashed password.
*
*/
function hashPassword($passwordClear, $encodageType)
{
$encodageType = strtolower($encodageType);
switch ($encodageType) {
case 'crypt':
$cryptedPassword = '******' . crypt($passwordClear, $this->randomSalt(2));
break;
case 'ext_des':
// extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
return FALSE;
}
//Your system crypt library does not support extended DES encryption.
$cryptedPassword = '******' . crypt($passwordClear, '_' . $this->randomSalt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
return FALSE;
}
//Your system crypt library does not support md5crypt encryption.
$cryptedPassword = '******' . crypt($passwordClear, '$1$' . $this->randomSalt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
return FALSE;
}
//Your system crypt library does not support blowfish encryption.
$cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . $this->randomSalt(13));
// hardcoded to second blowfish version and set number of rounds
break;
case 'md5':
$cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear)));
break;
case 'sha':
if (function_exists('sha1')) {
// use php 4.3.0+ sha1 function, if it is available.
$cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear)));
} elseif (function_exists('mhash')) {
$cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear));
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$cryptedPassword = "******" . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt);
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$cryptedPassword = "******" . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt);
} else {
return FALSE;
//Your PHP install does not have the mhash() function. Cannot do SHA hashes.
}
break;
case 'ad':
$cryptedPassword = '';
$passwordClear = "\"" . $passwordClear . "\"";
$len = strlen($passwordClear);
for ($i = 0; $i < $len; $i++) {
$cryptedPassword .= "{$passwordClear[$i]}";
}
case 'clear':
default:
$cryptedPassword = $passwordClear;
}
return $cryptedPassword;
}
/**
* Code originaly from the phpLDAPadmin development team
* http://phpldapadmin.sourceforge.net/
*
* Hashes a password and returns the hash based on the specified enc_type
*/
function ldap_simple_hash_password($password_clear, $encodage_type)
{
$encodage_type = strtolower($encodage_type);
switch ($encodage_type) {
case 'crypt':
$crypted_password = '******' . crypt($password_clear, ldap_simple_random_salt(2));
break;
case 'ext_des':
/* Extended DES crypt. see OpenBSD crypt man page */
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
/* Your system crypt library does not support extended DES encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '_' . ldap_simple_random_salt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
/* Your system crypt library does not support md5crypt encryption */
return false;
}
$crypted_password = '******' . crypt($password_clear, '$1$' . ldap_simple_random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
/* Your system crypt library does not support blowfish encryption */
return false;
}
/* Hardcoded to second blowfish version and set number of rounds */
$crypted_password = '******' . crypt($password_clear, '$2a$12$' . ldap_simple_random_salt(13));
break;
case 'md5':
$crypted_password = '******' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'sha':
if (function_exists('sha1')) {
/* Use PHP 4.3.0+ sha1 function, if it is available */
$crypted_password = '******' . base64_encode(pack('H*', sha1($password_clear)));
} else {
if (function_exists('mhash')) {
$crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
/* Your PHP install does not have the mhash() function */
return false;
}
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$crypted_password = '******' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
} else {
/* Your PHP install does not have the mhash() function */
return false;
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$crypted_password = '******' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
} else {
/* Your PHP install does not have the mhash() function */
return false;
}
break;
case 'clear':
default:
$crypted_password = $password_clear;
}
return $crypted_password;
}
