include/heimdal/genkey.php

   1 <?php
   2 /*
   3  * genkey.php,v 1.0 2006/08/25 21:00:00
   4  *
   5  * Copyright 2006 Alejandro Escanero Blanco <aescanero@chaosdimension.org>
   6  *
   7  * See the enclosed file COPYING for license information (GPL).  If you
   8  * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
   9  */
  10
  11 define(DES_CBC_CRC,1);
  12 define(DES_CBC_MD4,2);
  13 define(DES_CBC_MD5,3);
  14 define(DES3_CBC_MD5,5);
  15 define(DES3_CBC_SHA1,16);
  16
  17 include("deslib.php");
  18 include("mkey.php");
  19 include("asnencode.php");
  20
  21 class genkey{
  22
  23         var $masterkey;
  24         var $desclass;
  25         var $intg_dkey;
  26         var $crypt_dkey;
  27         var $rnd_key;
  28         var $stringtokey;
  29         var $ekey;
  30         var $keytype;
  31         var $salt;
  32         var $sha1_hmac;
  33         var $okey;
  34         var $keystr;
  35         var $b64;
  36
  37         function genkey($mkey){
  38                 if($mkey->getKeyType_Entry(0)!=DES3_CBC_SHA1) die ("only spported DES3_CBC_SHA1 m-key");
  39                 $this->masterkey=$mkey->getKey_Entry_A(0);
  40                 /* printf("mkey: ");
  41                         for ($i=0;$i<count($this->masterkey);$i++) printf("%02x",$this->masterkey[$i]);
  42                         printf("\n");*/
  43                 $this->desclass=new Des();
  44                 $this->intg_dkey=$this->desclass->derive_key_integrity($this->masterkey);
  45                 $this->crypt_dkey=$this->desclass->derive_key_encrypt($this->masterkey);
  46                 $this->rnd_key=$this->desclass->DES_new_random_key(8);
  47                 $this->ekey=$this->rnd_key;
  48         }
  49
  50         function generate($keytype,$name,$realm,$pass){
  51                 $this->keytype=$keytype;
  52                 $this->salt=$realm.$name;
  53                 switch($keytype){
  54                         case DES_CBC_CRC:
  55                         case DES_CBC_MD4:
  56                         case DES_CBC_MD5:
  57                                 $this->desclass->DesStringToKey($pass,$realm,$name);
  58                         break;
  59                         case DES3_CBC_MD5:
  60                                 $this->desclass->Des3StringToKey($pass,$realm,$name);
  61                         break;
  62                         case DES3_CBC_SHA1:
  63                                 $this->desclass->Des3StringToKeyDerived($pass,$realm,$name);
  64                         break;
  65                         default:
  66                         die ("keytype not supported, supported keys are: des-cbc-crc,des-cbc-md4,des-cbc-md5,des3-cbc-md5,des3-cbc-sha1");
  67                 }
  68                 $this->stringtokey=$this->desclass->out;
  69                 for ($i=0;$i<count($this->stringtokey);$i++){
  70                         $this->ekey[8+$i]=$this->stringtokey[$i];
  71                 }
  72                 $hash_key="";
  73                 for ($i=0;$i<count($this->rnd_key);$i++){
  74                         $hash_key.=chr($this->rnd_key[$i]);
  75                 }
  76                 for ($i=0;$i<count($this->stringtokey);$i++){
  77                         $hash_key.=chr($this->stringtokey[$i]);
  78                 }
  79
  80                 $data="";
  81                 for ($i=0;$i<count($this->intg_dkey);$i++){
  82                         $data.=chr($this->intg_dkey[$i]);
  83                 }
  84                 $sha1_hmac_raw=$this->hmacsha1($data,$hash_key);
  85                 $this->sha1hmac=array();
  86                 for ($i=0;$i<strlen($sha1_hmac_raw);$i++){
  87                         $this->sha1hmac[$i]=ord(substr($sha1_hmac_raw,$i,1));
  88                 }
  89
  90                 //MUST CHANGE for derive_key_encrypt
  91
  92                 $keys=array(3);
  93                 for($i = 0;$i < 3; $i++){
  94                         $keys[$i]=array(8);
  95                         for($j = 0;$j < 8; $j++) $keys[$i][$j]=$this->crypt_dkey[($i*8)+$j];
  96                 }
  97                 $ks1=$this->desclass->des_make_key_sched($keys[0]);
  98                 $ks2=$this->desclass->des_make_key_sched($keys[1]);
  99                 $ks3=$this->desclass->des_make_key_sched($keys[2]);
 100
 101                 $this->okey=$this->desclass->DES_ede3_cbc_encrypt($this->ekey,true,$ks1,$ks2,$ks3,16);
 102                 for ($i=0;$i<count($this->sha1hmac);$i++) $this->okey[]=$this->sha1hmac[$i];
 103                 $this->keystr="";
 104                 for($i=0;$i<count($this->okey);$i++) $this->keystr.=chr($this->okey[$i]);
 105                 return($this->keystr);
 106 /*              $stringh="";
 107                 for($i=0;$i<count($oekey);$i++) $stringh.=sprintf("%02x",$oekey[$i]);
 108                 print "OUT EKEY: ".$stringh."\n";*/
 109         }
 110
 111         function encode(){
 112                 $asn_int_1=new asnEncode();
 113                 $asn_int_1->encodeInteger($this->keytype);//tipo codificacion?
 114                 $asn_int_2=new asnEncode();
 115                 $asn_int_2->encodeInteger(3);
 116                 $asn_int_3=new asnEncode();
 117                 $asn_int_3->encodeInteger(3);
 118                 $asn_int_4=new asnEncode();
 119                 $asn_int_4->encodeInteger(1);
 120
 121                 $asn_salt=new asnEncode();
 122                 $asn_salt->encodeOctetString($this->salt);
 123                 $asn_key=new asnEncode();
 124                 $asn_key->encodeOctetString($this->keystr);
 125
 126                 $asn_salt_seq=new asnEncode();
 127                 $asn_salt_seq->encodeSequence(0,$asn_int_2->getStream());
 128                 $asn_salt_seq->encodeSequence(1,$asn_salt->getStream());
 129
 130                 $asn_salt_obj=new asnEncode();
 131                 $asn_salt_obj->encodeObject(0x30,$asn_salt_seq->getStream());
 132
 133                 $asn_seq3=new asnEncode();
 134                 $asn_seq3->encodeSequence(0,$asn_int_1->getStream());
 135                 $asn_seq3->encodeSequence(1,$asn_key->getStream());
 136                 $asn_seq3->encodeSequence(2,$asn_salt_obj->getStream());
 137
 138                 $asn_key_obj=new asnEncode();
 139                 $asn_key_obj->encodeObject(0x30,$asn_seq3->getStream());
 140
 141                 $asn_seq4=new asnEncode();
 142                 $asn_seq4->encodeSequence(0,$asn_int_4->getStream());
 143                 $asn_seq4->encodeSequence(1,$asn_key_obj->getStream());
 144
 145                 $asn_obj=new asnEncode();
 146                 $asn_obj->encodeObject(0x30,$asn_seq4->getStream());
 147                 $this->b64=base64_encode($asn_obj->printString());
 148         }
 149
 150         function printKey(){
 151                 printf("key(base64):\n".$this->b64."\n");
 152         }
 153
 154         function hmacsha1($key,$data){
 155                 $blocksize=64;
 156                 $hashfunc='sha1';
 157                 if (strlen($key)>$blocksize)
 158                         $key=pack('H*', $hashfunc($key));
 159                 $key=str_pad($key,$blocksize,chr(0x00));
 160                 $ipad=str_repeat(chr(0x36),$blocksize);
 161                 $opad=str_repeat(chr(0x5c),$blocksize);
 162                 $hmac = pack(
 163                         'H*',$hashfunc(
 164                                 ($key^$opad).pack(
 165                                         'H*',$hashfunc(
 166                                                 ($key^$ipad).$data
 167                                         )
 168                                 )
 169                         )
 170                 );
 171                 return($hmac);
 172                 //return bin2hex($hmac);
 173         }
 174
 175 };
 176 ?>