include/heimdal/genkey.php

   1 <?php
   2 /*
   3  * genkey.php,v 1.0 2006/08/25 21:00:00
   4  *
   5  * Copyright 2006 Alejandro Escanero Blanco <aescanero@chaosdimension.org>
   6  *
   7  * See the enclosed file COPYING for license information (GPL).  If you
   8  * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
   9  */
  10
  11 require_once("deslib.php");
  12 require_once("mkey.php");
  13 require_once("asnencode.php");
  14
  15 class genkey{
  16
  17         var $masterkey;
  18         var $desclass;
  19         var $intg_dkey;
  20         var $crypt_dkey;
  21         var $rnd_key;
  22         var $stringtokey;
  23         var $ekey;
  24         var $keytype;
  25         var $salt;
  26         var $sha1_hmac;
  27         var $okey;
  28         var $keystr;
  29         var $b64;
  30
  31         function genkey($mkey){
  32                 if($mkey->getKeyType_Entry(0)!=DES3_CBC_SHA1) die ("only spported DES3_CBC_SHA1 m-key");
  33                 $this->masterkey=$mkey->getKey_Entry_A(0);
  34                 /* printf("mkey: ");
  35                         for ($i=0;$i<count($this->masterkey);$i++) printf("%02x",$this->masterkey[$i]);
  36                         printf("\n");*/
  37                 $this->desclass=new Des();
  38                 $this->intg_dkey=$this->desclass->derive_key_integrity($this->masterkey);
  39                 $this->crypt_dkey=$this->desclass->derive_key_encrypt($this->masterkey);
  40                 $this->rnd_key=$this->desclass->DES_new_random_key(8);
  41                 $this->ekey=$this->rnd_key;
  42         }
  43
  44         function generate($keytype,$name,$realm,$pass){
  45                 $this->keytype=$keytype;
  46                 $this->salt=$realm.$name;
  47                 switch($keytype){
  48                         case DES_CBC_CRC:
  49                         case DES_CBC_MD4:
  50                         case DES_CBC_MD5:
  51                                 $this->desclass->DesStringToKey($pass,$realm,$name);
  52                         break;
  53                         case DES3_CBC_MD5:
  54                                 $this->desclass->Des3StringToKey($pass,$realm,$name);
  55                         break;
  56                         case DES3_CBC_SHA1:
  57                                 $this->desclass->Des3StringToKeyDerived($pass,$realm,$name);
  58                         break;
  59                         default:
  60                         die ("keytype not supported, supported keys are: des-cbc-crc,des-cbc-md4,des-cbc-md5,des3-cbc-md5,des3-cbc-sha1");
  61                 }
  62                 $this->stringtokey=$this->desclass->out;
  63                 for ($i=0;$i<count($this->stringtokey);$i++){
  64                         $this->ekey[8+$i]=$this->stringtokey[$i];
  65                 }
  66                 $hash_key="";
  67                 for ($i=0;$i<count($this->rnd_key);$i++){
  68                         $hash_key.=chr($this->rnd_key[$i]);
  69                 }
  70                 for ($i=0;$i<count($this->stringtokey);$i++){
  71                         $hash_key.=chr($this->stringtokey[$i]);
  72                 }
  73
  74                 $data="";
  75                 for ($i=0;$i<count($this->intg_dkey);$i++){
  76                         $data.=chr($this->intg_dkey[$i]);
  77                 }
  78                 $sha1_hmac_raw=$this->hmacsha1($data,$hash_key);
  79                 $this->sha1hmac=array();
  80                 for ($i=0;$i<strlen($sha1_hmac_raw);$i++){
  81                         $this->sha1hmac[$i]=ord(substr($sha1_hmac_raw,$i,1));
  82                 }
  83
  84                 //MUST CHANGE for derive_key_encrypt
  85
  86                 $keys=array(3);
  87                 for($i = 0;$i < 3; $i++){
  88                         $keys[$i]=array(8);
  89                         for($j = 0;$j < 8; $j++) $keys[$i][$j]=$this->crypt_dkey[($i*8)+$j];
  90                 }
  91                 $ks1=$this->desclass->des_make_key_sched($keys[0]);
  92                 $ks2=$this->desclass->des_make_key_sched($keys[1]);
  93                 $ks3=$this->desclass->des_make_key_sched($keys[2]);
  94
  95                 $this->okey=$this->desclass->DES_ede3_cbc_encrypt($this->ekey,true,$ks1,$ks2,$ks3,16);
  96                 for ($i=0;$i<count($this->sha1hmac);$i++) $this->okey[]=$this->sha1hmac[$i];
  97                 $this->keystr="";
  98                 for($i=0;$i<count($this->okey);$i++) $this->keystr.=chr($this->okey[$i]);
  99                 return($this->keystr);
 100 /*              $stringh="";
 101                 for($i=0;$i<count($oekey);$i++) $stringh.=sprintf("%02x",$oekey[$i]);
 102                 print "OUT EKEY: ".$stringh."\n";*/
 103         }
 104
 105         function encode(){
 106                 $asn_int_1=new asnEncode();
 107                 $asn_int_1->encodeInteger($this->keytype);//tipo codificacion?
 108                 $asn_int_2=new asnEncode();
 109                 $asn_int_2->encodeInteger(3);
 110                 $asn_int_3=new asnEncode();
 111                 $asn_int_3->encodeInteger(3);
 112                 $asn_int_4=new asnEncode();
 113                 $asn_int_4->encodeInteger(1);
 114
 115                 $asn_salt=new asnEncode();
 116                 $asn_salt->encodeOctetString($this->salt);
 117                 $asn_key=new asnEncode();
 118                 $asn_key->encodeOctetString($this->keystr);
 119
 120                 $asn_salt_seq=new asnEncode();
 121                 $asn_salt_seq->encodeSequence(0,$asn_int_2->getStream());
 122                 $asn_salt_seq->encodeSequence(1,$asn_salt->getStream());
 123
 124                 $asn_salt_obj=new asnEncode();
 125                 $asn_salt_obj->encodeObject(0x30,$asn_salt_seq->getStream());
 126
 127                 $asn_seq3=new asnEncode();
 128                 $asn_seq3->encodeSequence(0,$asn_int_1->getStream());
 129                 $asn_seq3->encodeSequence(1,$asn_key->getStream());
 130                 $asn_seq3->encodeSequence(2,$asn_salt_obj->getStream());
 131
 132                 $asn_key_obj=new asnEncode();
 133                 $asn_key_obj->encodeObject(0x30,$asn_seq3->getStream());
 134
 135                 $asn_seq4=new asnEncode();
 136                 $asn_seq4->encodeSequence(0,$asn_int_4->getStream());
 137                 $asn_seq4->encodeSequence(1,$asn_key_obj->getStream());
 138
 139                 $asn_obj=new asnEncode();
 140                 $asn_obj->encodeObject(0x30,$asn_seq4->getStream());
 141                 $this->b64=base64_encode($asn_obj->printString());
 142         }
 143
 144         function printKey(){
 145                 printf("key(base64):\n".$this->b64."\n");
 146         }
 147
 148         function hmacsha1($key,$data){
 149                 $blocksize=64;
 150                 $hashfunc='sha1';
 151                 if (strlen($key)>$blocksize)
 152                         $key=pack('H*', $hashfunc($key));
 153                 $key=str_pad($key,$blocksize,chr(0x00));
 154                 $ipad=str_repeat(chr(0x36),$blocksize);
 155                 $opad=str_repeat(chr(0x5c),$blocksize);
 156                 $hmac = pack(
 157                         'H*',$hashfunc(
 158                                 ($key^$opad).pack(
 159                                         'H*',$hashfunc(
 160                                                 ($key^$ipad).$data
 161                                         )
 162                                 )
 163                         )
 164                 );
 165                 return($hmac);
 166                 //return bin2hex($hmac);
 167         }
 168
 169 };
 170 ?>