function getHMAC($astrResponseData, $astrFileName, $astrMerchantID) { $strkey = $this->getKey($astrMerchantID, $astrFileName); $strhexkey = $this->hexstr($strkey); $hash = new Crypt_Hash('sha1'); $hash->setKey($strhexkey); $digest = $hash->hash($astrResponseData); $cleardigest = $this->strhex($digest); return $cleardigest; }
/** * Sets the password. * * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2}: * $hash, $salt, $method * Set $dkLen by calling setKeyLength() * * @param String $password * @param optional String $method * @access public */ function setPassword($password, $method = 'pbkdf2') { $key = ''; switch ($method) { default: // 'pbkdf2' list(, , $hash, $salt, $count) = func_get_args(); if (!isset($hash)) { $hash = 'sha1'; } // WPA and WPA2 use the SSID as the salt if (!isset($salt)) { $salt = 'phpseclib'; } // RFC2898#section-4.2 uses 1,000 iterations by default // WPA and WPA2 use 4,096. if (!isset($count)) { $count = 1000; } if (!class_exists('Crypt_Hash')) { require_once 'Crypt/Hash.php'; } $i = 1; while (strlen($key) < $this->key_size) { // $dkLen == $this->key_size //$dk.= $this->_pbkdf($password, $salt, $count, $i++); $hmac = new Crypt_Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; $j++) { $u = $hmac->hash($u); $f ^= $u; } $key .= $f; } } $this->setKey(substr($key, 0, $this->key_size)); }
/** * Convert a private key to the appropriate format. * * @access private * @see setPrivateKeyFormat() * @param String $RSAPrivateKey * @return String */ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) { $num_primes = count($primes); $raw = array('version' => $num_primes == 2 ? chr(0) : chr(1), 'modulus' => $n->toBytes(true), 'publicExponent' => $e->toBytes(true), 'privateExponent' => $d->toBytes(true), 'prime1' => $primes[1]->toBytes(true), 'prime2' => $primes[2]->toBytes(true), 'exponent1' => $exponents[1]->toBytes(true), 'exponent2' => $exponents[2]->toBytes(true), 'coefficient' => $coefficients[2]->toBytes(true)); // if the format in question does not support multi-prime rsa and multi-prime rsa was used, // call _convertPublicKey() instead. switch ($this->privateKeyFormat) { case CRYPT_RSA_PRIVATE_FORMAT_XML: if ($num_primes != 2) { return false; } return "<RSAKeyValue>\r\n" . ' <Modulus>' . base64_encode($raw['modulus']) . "</Modulus>\r\n" . ' <Exponent>' . base64_encode($raw['publicExponent']) . "</Exponent>\r\n" . ' <P>' . base64_encode($raw['prime1']) . "</P>\r\n" . ' <Q>' . base64_encode($raw['prime2']) . "</Q>\r\n" . ' <DP>' . base64_encode($raw['exponent1']) . "</DP>\r\n" . ' <DQ>' . base64_encode($raw['exponent2']) . "</DQ>\r\n" . ' <InverseQ>' . base64_encode($raw['coefficient']) . "</InverseQ>\r\n" . ' <D>' . base64_encode($raw['privateExponent']) . "</D>\r\n" . '</RSAKeyValue>'; break; case CRYPT_RSA_PRIVATE_FORMAT_PUTTY: if ($num_primes != 2) { return false; } $key = "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: "; $encryption = !empty($this->password) || is_string($this->password) ? 'aes256-cbc' : 'none'; $key .= $encryption; $key .= "\r\nComment: " . CRYPT_RSA_COMMENT . "\r\n"; $public = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']); $source = pack('Na*Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption, strlen(CRYPT_RSA_COMMENT), CRYPT_RSA_COMMENT, strlen($public), $public); $public = base64_encode($public); $key .= "Public-Lines: " . (strlen($public) + 32 >> 6) . "\r\n"; $key .= chunk_split($public, 64); $private = pack('Na*Na*Na*Na*', strlen($raw['privateExponent']), $raw['privateExponent'], strlen($raw['prime1']), $raw['prime1'], strlen($raw['prime2']), $raw['prime2'], strlen($raw['coefficient']), $raw['coefficient']); if (empty($this->password) && !is_string($this->password)) { $source .= pack('Na*', strlen($private), $private); $hashkey = 'putty-private-key-file-mac-key'; } else { $private .= $this->_random(16 - (strlen($private) & 15)); $source .= pack('Na*', strlen($private), $private); if (!class_exists('Crypt_AES')) { require_once 'Crypt/AES.php'; } $sequence = 0; $symkey = ''; while (strlen($symkey) < 32) { $temp = pack('Na*', $sequence++, $this->password); $symkey .= pack('H*', sha1($temp)); } $symkey = substr($symkey, 0, 32); $crypto = new Crypt_AES(); $crypto->setKey($symkey); $crypto->disablePadding(); $private = $crypto->encrypt($private); $hashkey = 'putty-private-key-file-mac-key' . $this->password; } $private = base64_encode($private); $key .= 'Private-Lines: ' . (strlen($private) + 32 >> 6) . "\r\n"; $key .= chunk_split($private, 64); if (!class_exists('Crypt_Hash')) { require_once 'Crypt/Hash.php'; } $hash = new Crypt_Hash('sha1'); $hash->setKey(pack('H*', sha1($hashkey))); $key .= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n"; return $key; default: // eg. CRYPT_RSA_PRIVATE_FORMAT_PKCS1 $components = array(); foreach ($raw as $name => $value) { $components[$name] = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value); } $RSAPrivateKey = implode('', $components); if ($num_primes > 2) { $OtherPrimeInfos = ''; for ($i = 3; $i <= $num_primes; $i++) { // OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo // // OtherPrimeInfo ::= SEQUENCE { // prime INTEGER, -- ri // exponent INTEGER, -- di // coefficient INTEGER -- ti // } $OtherPrimeInfo = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true)); $OtherPrimeInfo .= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true)); $OtherPrimeInfo .= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true)); $OtherPrimeInfos .= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo); } $RSAPrivateKey .= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos); } $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); if (!empty($this->password) || is_string($this->password)) { $iv = $this->_random(8); $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key $symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); if (!class_exists('Crypt_TripleDES')) { require_once 'Crypt/TripleDES.php'; } $des = new Crypt_TripleDES(); $des->setKey($symkey); $des->setIV($iv); $iv = strtoupper(bin2hex($iv)); $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . "Proc-Type: 4,ENCRYPTED\r\n" . "DEK-Info: DES-EDE3-CBC,{$iv}\r\n" . "\r\n" . chunk_split(base64_encode($des->encrypt($RSAPrivateKey))) . '-----END RSA PRIVATE KEY-----'; } else { $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . chunk_split(base64_encode($RSAPrivateKey)) . '-----END RSA PRIVATE KEY-----'; } return $RSAPrivateKey; } }
/** * Sets the password. * * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2}: * $hash, $salt, $count, $dkLen * * Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php * * Note: Could, but not must, extend by the child Crypt_* class * * @see Crypt/Hash.php * @param String $password * @param optional String $method * @access public */ function setPassword($password, $method = 'pbkdf2') { $key = ''; switch ($method) { default: // 'pbkdf2' $func_args = func_get_args(); // Hash function $hash = isset($func_args[2]) ? $func_args[2] : 'sha1'; // WPA and WPA2 use the SSID as the salt $salt = isset($func_args[3]) ? $func_args[3] : $this->password_default_salt; // RFC2898#section-4.2 uses 1,000 iterations by default // WPA and WPA2 use 4,096. $count = isset($func_args[4]) ? $func_args[4] : 1000; // Keylength $dkLen = isset($func_args[5]) ? $func_args[5] : $this->password_key_size; // Determining if php[>=5.5.0]'s hash_pbkdf2() function avail- and useable switch (true) { case !function_exists('hash_pbkdf2'): case !function_exists('hash_algos'): case !in_array($hash, hash_algos()): if (!class_exists('Crypt_Hash')) { require_once 'Crypt/Hash.php'; } $i = 1; while (strlen($key) < $dkLen) { $hmac = new Crypt_Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; ++$j) { $u = $hmac->hash($u); $f ^= $u; } $key .= $f; } $key = substr($key, 0, $dkLen); break; default: $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); } } $this->setKey($key); }
/** * Sets the password. * * Depending on what $method is set to, setPassword()'s (optional) parameters are as follows: * {@link http://en.wikipedia.org/wiki/PBKDF2 pbkdf2} or pbkdf1: * $hash, $salt, $count, $dkLen * * Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php * * Note: Could, but not must, extend by the child Crypt_* class * * @see Crypt/Hash.php * @param String $password * @param optional String $method * @return Boolean * @access public */ function setPassword($password, $method = 'pbkdf2') { $key = ''; switch ($method) { default: // 'pbkdf2' or 'pbkdf1' $func_args = func_get_args(); // Hash function $hash = isset($func_args[2]) ? $func_args[2] : 'sha1'; // WPA and WPA2 use the SSID as the salt $salt = isset($func_args[3]) ? $func_args[3] : $this->password_default_salt; // RFC2898#section-4.2 uses 1,000 iterations by default // WPA and WPA2 use 4,096. $count = isset($func_args[4]) ? $func_args[4] : 1000; // Keylength if (isset($func_args[5])) { $dkLen = $func_args[5]; } else { $dkLen = $method == 'pbkdf1' ? 2 * $this->password_key_size : $this->password_key_size; } switch (true) { case $method == 'pbkdf1': if (!class_exists('Crypt_Hash')) { include_once 'Crypt/Hash.php'; } $hashObj = new Crypt_Hash(); $hashObj->setHash($hash); if ($dkLen > $hashObj->getLength()) { user_error('Derived key too long'); return false; } $t = $password . $salt; for ($i = 0; $i < $count; ++$i) { $t = $hashObj->hash($t); } $key = substr($t, 0, $dkLen); $this->setKey(substr($key, 0, $dkLen >> 1)); $this->setIV(substr($key, $dkLen >> 1)); return true; // Determining if php[>=5.5.0]'s hash_pbkdf2() function avail- and useable // Determining if php[>=5.5.0]'s hash_pbkdf2() function avail- and useable case !function_exists('hash_pbkdf2'): case !function_exists('hash_algos'): case !in_array($hash, hash_algos()): if (!class_exists('Crypt_Hash')) { include_once 'Crypt/Hash.php'; } $i = 1; while (strlen($key) < $dkLen) { $hmac = new Crypt_Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; ++$j) { $u = $hmac->hash($u); $f ^= $u; } $key .= $f; } $key = substr($key, 0, $dkLen); break; default: $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); } } $this->setKey($key); return true; }
public function setPassword($password, $method = 'pbkdf2') { $key = ''; list(, , $hash, $salt, $count) = func_get_args(); if (!isset($hash)) { $hash = 'sha1'; } if (!isset($salt)) { $salt = 'phpseclib'; } if (!isset($count)) { $count = 1000; } if (!class_exists('Crypt_Hash')) { require_once 'Crypt/Hash.php'; } $i = 1; while (strlen($key) < $this->key_size) { $hmac = new Crypt_Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; $j++) { $u = $hmac->hash($u); $f ^= $u; } $key .= $f; } $this->setKey(substr($key, 0, $this->key_size)); }
protected function assertHMACsTo(Crypt_Hash $hash, $key, $message, $expected) { $hash->setKey($key); $this->assertEquals(strtolower($expected), bin2hex($hash->hash($message)), sprintf("Failed asserting that '%s' HMACs to '%s' with key '%s'.", $message, $expected, $key)); }
function hash($string, $key) { $hash = new Crypt_Hash('sha512'); $hash->setKey($key); return $hash->hash($string); }
public function setPassword($password, $method) { $key = ""; switch (1) { default: list(, , $hash, $salt, $count) = func_get_args(); if (!$hash) { $hash = "sha1"; } if (!$salt) { $salt = "phpseclib"; } if (!$count) { $count = 1000; } if (!class_exists("Crypt_Hash")) { require_once "Crypt/Hash.php"; } $i = 1; while (strlen($key) < $this->key_size) { $hmac = new Crypt_Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack("N", $i++)); for ($j = 2; $j <= $count; $j++) { $u = $hmac->hash($u); $f ^= $u; } $key .= $f; } } $this->setKey(substr($key, 0, $this->key_size)); }
public function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) { $num_primes = count($primes); $raw = array('version' => $num_primes == 2 ? chr(0) : chr(1), 'modulus' => $n->toBytes(true), 'publicExponent' => $e->toBytes(true), 'privateExponent' => $d->toBytes(true), 'prime1' => $primes[1]->toBytes(true), 'prime2' => $primes[2]->toBytes(true), 'exponent1' => $exponents[1]->toBytes(true), 'exponent2' => $exponents[2]->toBytes(true), 'coefficient' => $coefficients[2]->toBytes(true)); switch ($this->privateKeyFormat) { case CRYPT_RSA_PRIVATE_FORMAT_XML: if ($num_primes != 2) { return false; } return '<RSAKeyValue>' . "\r\n" . '' . ' <Modulus>' . base64_encode($raw['modulus']) . '</Modulus>' . "\r\n" . '' . ' <Exponent>' . base64_encode($raw['publicExponent']) . '</Exponent>' . "\r\n" . '' . ' <P>' . base64_encode($raw['prime1']) . '</P>' . "\r\n" . '' . ' <Q>' . base64_encode($raw['prime2']) . '</Q>' . "\r\n" . '' . ' <DP>' . base64_encode($raw['exponent1']) . '</DP>' . "\r\n" . '' . ' <DQ>' . base64_encode($raw['exponent2']) . '</DQ>' . "\r\n" . '' . ' <InverseQ>' . base64_encode($raw['coefficient']) . '</InverseQ>' . "\r\n" . '' . ' <D>' . base64_encode($raw['privateExponent']) . '</D>' . "\r\n" . '' . '</RSAKeyValue>'; break; case CRYPT_RSA_PRIVATE_FORMAT_PUTTY: if ($num_primes != 2) { return false; } $key = 'PuTTY-User-Key-File-2: ssh-rsa' . "\r\n" . 'Encryption: '; $encryption = !empty($this->password) || is_string($this->password) ? 'aes256-cbc' : 'none'; $key .= $encryption; $key .= '' . "\r\n" . 'Comment: ' . $this->comment . "\r\n"; $public = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']); $source = pack('Na*Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($encryption), $encryption, strlen($this->comment), $this->comment, strlen($public), $public); $public = base64_encode($public); $key .= 'Public-Lines: ' . (strlen($public) + 32 >> 6) . "\r\n"; $key .= chunk_split($public, 64); $private = pack('Na*Na*Na*Na*', strlen($raw['privateExponent']), $raw['privateExponent'], strlen($raw['prime1']), $raw['prime1'], strlen($raw['prime2']), $raw['prime2'], strlen($raw['coefficient']), $raw['coefficient']); if (empty($this->password) && !is_string($this->password)) { $source .= pack('Na*', strlen($private), $private); $hashkey = 'putty-private-key-file-mac-key'; } else { $private .= self::crypt_random_string(16 - (strlen($private) & 15)); $source .= pack('Na*', strlen($private), $private); if (!class_exists('Crypt_AES')) { require_once 'Crypt/AES.php'; } $sequence = 0; $symkey = ''; while (strlen($symkey) < 32) { $temp = pack('Na*', $sequence++, $this->password); $symkey .= pack('H*', sha1($temp)); } $symkey = substr($symkey, 0, 32); $crypto = new Crypt_AES(); $crypto->setKey($symkey); $crypto->disablePadding(); $private = $crypto->encrypt($private); $hashkey = 'putty-private-key-file-mac-key' . $this->password; } $private = base64_encode($private); $key .= 'Private-Lines: ' . (strlen($private) + 32 >> 6) . "\r\n"; $key .= chunk_split($private, 64); if (!class_exists('Crypt_Hash')) { require_once 'Crypt/Hash.php'; } $hash = new Crypt_Hash('sha1'); $hash->setKey(pack('H*', sha1($hashkey))); $key .= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n"; return $key; default: $components = array(); foreach ($raw as $name => $value) { $components[$name] = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value); } $RSAPrivateKey = implode('', $components); if (2 < $num_primes) { $OtherPrimeInfos = ''; for ($i = 3; $i <= $num_primes; $i++) { $OtherPrimeInfo = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true)); $OtherPrimeInfo .= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true)); $OtherPrimeInfo .= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true)); $OtherPrimeInfos .= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo); } $RSAPrivateKey .= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos); } $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); if (!empty($this->password) || is_string($this->password)) { $iv = self::crypt_random_string(8); $symkey = pack('H*', md5($this->password . $iv)); $symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); if (!class_exists('Crypt_TripleDES')) { require_once 'Crypt/TripleDES.php'; } $des = new Crypt_TripleDES(); $des->setKey($symkey); $des->setIV($iv); $iv = strtoupper(bin2hex($iv)); $RSAPrivateKey = '-----BEGIN RSA PRIVATE KEY-----' . "\r\n" . '' . 'Proc-Type: 4,ENCRYPTED' . "\r\n" . '' . 'DEK-Info: DES-EDE3-CBC,' . $iv . "\r\n" . "\r\n" . chunk_split(base64_encode($des->encrypt($RSAPrivateKey)), 64) . '-----END RSA PRIVATE KEY-----'; } else { $RSAPrivateKey = '-----BEGIN RSA PRIVATE KEY-----' . "\r\n" . '' . chunk_split(base64_encode($RSAPrivateKey), 64) . '-----END RSA PRIVATE KEY-----'; } return $RSAPrivateKey; } }