/**
 * Compute the hash of a passphrase under one of the supported "{scheme}" tags.
 *
 * $scheme is either a bare tag ('{x-php-md5}') or a tag followed by salt
 * material ('{scheme}salt'). Anything that does not start with a "{...}" tag
 * is treated as cleartext. The tag is matched case-insensitively.
 *
 * Security notes for maintainers:
 *  - The md5/sha1 branches ({x-php-md5}, {x-php-sha1}, {MD5}, {SHA}) apply a
 *    single unsalted digest, and the cleartext branch returns the phrase
 *    itself. None of these resist offline guessing if the stored value leaks.
 *  - NOTE(review): the crypt() calls without a salt argument rely on the
 *    optional-salt behaviour of older PHP; PHP 8.0 made the salt mandatory,
 *    so these paths need an explicit salt before the code runs there.
 *  - The comparison of this function's output against a stored value happens
 *    in callers that are not visible here; presumably that should be a
 *    constant-time comparison such as hash_equals() -- confirm at call sites.
 *
 * @param string $phrase    Passphrase to hash.
 * @param string $scheme    Scheme tag, optionally followed by salt material.
 * @param bool   $prefix    When true, the scheme tag is prepended to the hash.
 * @param bool   $canonical When true (and $prefix is true), the canonical
 *                          spelling of the tag is used instead of the caller's.
 * @return string|false     The hash, or false when an argument is not a string
 *                          or the scheme is unknown. Terminates the script via
 *                          die() when the phrase exceeds
 *                          PKWK_PASSPHRASE_LIMIT_LENGTH.
 */
function pkwk_hash_compute($phrase = '', $scheme = '{x-php-md5}', $prefix = true, $canonical = false)
{
    if (!is_string($phrase) || !is_string($scheme)) {
        return false;
    }

    // Bound the input size before any hashing work is done on it.
    if (strlen($phrase) > PKWK_PASSPHRASE_LIMIT_LENGTH) {
        die('pkwk_hash_compute(): malicious message length');
    }

    // Split "{scheme}salt" into its tag and salt parts; a non-empty value
    // without a "{...}" tag falls back to the cleartext scheme.
    $parts = array();
    if (preg_match('/^(\\{.+\\})(.*)$/', $scheme, $parts)) {
        $scheme = $parts[1];
        $salt = $parts[2];
    } elseif ($scheme != '') {
        $scheme = '';
        $salt = '';
    }

    // Each branch picks the canonical tag and computes the digest part;
    // the tag (if requested) is prepended once, after the switch.
    switch (strtolower($scheme)) {
        // PHP crypt()
        case '{x-php-crypt}':
            $tag = '{x-php-crypt}';
            if ($salt != '') {
                $digest = crypt($phrase, $salt);
            } else {
                $digest = crypt($phrase);
            }
            break;

        // PHP md5(), hex output
        case '{x-php-md5}':
            $tag = '{x-php-md5}';
            $digest = md5($phrase);
            break;

        // PHP sha1(), hex output
        case '{x-php-sha1}':
            $tag = '{x-php-sha1}';
            $digest = sha1($phrase);
            break;

        // LDAP CRYPT
        case '{crypt}':
            $tag = '{CRYPT}';
            if ($salt != '') {
                $digest = crypt($phrase, $salt);
            } else {
                $digest = crypt($phrase);
            }
            break;

        // LDAP MD5: base64 of the raw digest
        case '{md5}':
            $tag = '{MD5}';
            $digest = base64_encode(pkwk_hex2bin(md5($phrase)));
            break;

        // LDAP SMD5: base64 of (raw digest . salt)
        case '{smd5}':
            $tag = '{SMD5}';
            if ($salt != '') {
                // An MD5 digest is 16 bytes; the salt is whatever follows it.
                $salt = substr(base64_decode($salt), 16);
            } else {
                $salt = substr(crypt(''), -8);
            }
            $digest = base64_encode(pkwk_hex2bin(md5($phrase . $salt)) . $salt);
            break;

        // LDAP SHA: base64 of the raw digest
        case '{sha}':
            $tag = '{SHA}';
            $digest = base64_encode(pkwk_hex2bin(sha1($phrase)));
            break;

        // LDAP SSHA: base64 of (raw digest . salt)
        case '{ssha}':
            $tag = '{SSHA}';
            if ($salt != '') {
                // A SHA-1 digest is 20 bytes; the salt is whatever follows it.
                $salt = substr(base64_decode($salt), 20);
            } else {
                $salt = substr(crypt(''), -8);
            }
            $digest = base64_encode(pkwk_hex2bin(sha1($phrase . $salt)) . $salt);
            break;

        // LDAP CLEARTEXT and plain cleartext: the phrase is returned unhashed
        case '{cleartext}':
        case '':
            $tag = '{CLEARTEXT}';
            $digest = $phrase;
            break;

        // Unknown scheme
        default:
            return false;
    }

    return ($prefix ? ($canonical ? $tag : $scheme) : '') . $digest;
}
/**
 * Pass $key to pkwk_hex2bin() and return its result unchanged.
 *
 * pkwk_hex2bin() is defined outside this view; presumably it converts a
 * hexadecimal string to raw bytes -- confirm against its definition.
 *
 * @param mixed $key Value handed to pkwk_hex2bin() as-is.
 * @return mixed     Whatever pkwk_hex2bin() returns for $key.
 */
function decode($key)
{
    $decoded = pkwk_hex2bin($key);

    return $decoded;
}