int64_t HHVM_FUNCTION(mcrypt_generic_init, const Resource& td,
const String& key,
const String& iv) {
auto pm = cast<MCrypt>(td);
int max_key_size = mcrypt_enc_get_key_size(pm->m_td);
int iv_size = mcrypt_enc_get_iv_size(pm->m_td);
if (key.empty()) {
raise_warning("Key size is 0");
}
unsigned char *key_s = (unsigned char *)malloc(key.size());
memset(key_s, 0, key.size());
unsigned char *iv_s = (unsigned char *)malloc(iv_size + 1);
memset(iv_s, 0, iv_size + 1);
int key_size;
if (key.size() > max_key_size) {
raise_warning("Key size too large; supplied length: %d, max: %d",
key.size(), max_key_size);
key_size = max_key_size;
} else {
key_size = key.size();
}
memcpy(key_s, key.data(), key.size());
if (iv.size() != iv_size) {
raise_warning("Iv size incorrect; supplied length: %d, needed: %d",
iv.size(), iv_size);
}
memcpy(iv_s, iv.data(), std::min(iv_size, iv.size()));
mcrypt_generic_deinit(pm->m_td);
int result = mcrypt_generic_init(pm->m_td, key_s, key_size, iv_s);
/* If this function fails, close the mcrypt module to prevent crashes
* when further functions want to access this resource */
if (result < 0) {
pm->close();
switch (result) {
case -3:
raise_warning("Key length incorrect");
break;
case -4:
raise_warning("Memory allocation error");
break;
case -1:
default:
raise_warning("Unknown error");
break;
}
} else {
pm->m_init = true;
}
free(iv_s);
free(key_s);
return result;
}
static unsigned
cipher_key_size(PX_Cipher * c)
{
MCRYPT ctx = (MCRYPT) c->ptr;
return mcrypt_enc_get_key_size(ctx);
}
int64_t f_mcrypt_get_key_size(CStrRef cipher, CStrRef module) {
MCRYPT td = mcrypt_module_open((char*)cipher.data(),
(char*)MCG(algorithms_dir).data(),
(char*)module.data(),
(char*)MCG(modes_dir).data());
if (td == MCRYPT_FAILED) {
raise_warning(MCRYPT_OPEN_MODULE_FAILED);
return false;
}
int64_t ret = mcrypt_enc_get_key_size(td);
mcrypt_module_close(td);
return ret;
}
static int internal_end_mcrypt(MCRYPT td)
{
mxfree(td->keyword_given, mcrypt_enc_get_key_size(td));
td->keyword_given = NULL;
mxfree(td->akey, mcrypt_get_size(td));
td->akey = NULL;
end_mcrypt(td, td->abuf);
if (td->abuf!=NULL) mxfree(td->abuf, mcrypt_mode_get_size(td));
td->abuf = NULL;
return 0;
}
Variant HHVM_FUNCTION(mcrypt_get_key_size, const String& cipher,
const String& module) {
MCRYPT td = mcrypt_module_open((char*)cipher.data(),
(char*)MCG(algorithms_dir).data(),
(char*)module.data(),
(char*)MCG(modes_dir).data());
if (td == MCRYPT_FAILED) {
MCRYPT_OPEN_MODULE_FAILED("mcrypt_get_key_size");
return false;
}
int64_t ret = mcrypt_enc_get_key_size(td);
mcrypt_module_close(td);
return ret;
}
Aes256::Aes256(BinData key):
key_( std::move(key) ),
iv_( generateRandomData( ivSize() ) ),
td_(MCRYPT_RIJNDAEL_256, MCRYPT_CFB)
{
if( key_.size()!=iv_.size() )
throw std::runtime_error("key and IV size differ");
assert( static_cast<size_t>(mcrypt_enc_get_key_size(td_.get()))==keySize() );
assert( static_cast<size_t>(mcrypt_enc_get_iv_size(td_.get())) ==ivSize() );
int ret;
if( (ret = mcrypt_generic_init(td_.get(), key_.data(), key_.size(), iv_.data())) < 0 )
throw std::runtime_error( (Util::ErrStrm{}<<"mcrypt_generic_init(): "<<mcrypt_strerror(ret)).str().c_str() );
}
/*
* list_key_sizes(td)
*
* Returns a pointer to an array of integer key sizes for the mcrypt
* handle. This returns the actual list, as opposed to
* mcrypt_enc_get_supported_key_sizes which sometimes just returns a
* formula to create the list.
*
* The list is terminated with a zero.
*
*/
int *list_key_sizes(MCRYPT td) {
int *list;
int *key_sizes, n_key_sizes, i;
key_sizes = mcrypt_enc_get_supported_key_sizes(td, &n_key_sizes);
if (!key_sizes && !n_key_sizes) {
int max_size = mcrypt_enc_get_key_size(td);
list = malloc( (max_size + 1) * sizeof(int) );
if (!list) {
fprintf(stderr, "Out of memory\n");
return NULL;
}
for (i = 0; i < max_size; i++) {
list[i] = i;
}
list[max_size] = 0;
}
else {
list = malloc( (n_key_sizes + 1) * sizeof(int) );
if (!list) {
fprintf(stderr, "Out of memory\n");
return NULL;
}
for (i = 0; i < n_key_sizes; i++) {
list[i] = key_sizes[i];
}
list[n_key_sizes] = 0;
free(key_sizes);
}
return list;
}
static Variant php_mcrypt_do_crypt(CStrRef cipher, CStrRef key, CStrRef data,
CStrRef mode, CStrRef iv, bool dencrypt) {
MCRYPT td = mcrypt_module_open((char*)cipher.data(),
(char*)MCG(algorithms_dir).data(),
(char*)mode.data(),
(char*)MCG(modes_dir).data());
if (td == MCRYPT_FAILED) {
raise_warning(MCRYPT_OPEN_MODULE_FAILED);
return false;
}
/* Checking for key-length */
int max_key_length = mcrypt_enc_get_key_size(td);
if (key.size() > max_key_length) {
raise_warning("Size of key is too large for this algorithm");
}
int count;
int *key_length_sizes = mcrypt_enc_get_supported_key_sizes(td, &count);
int use_key_length;
char *key_s = NULL;
if (count == 0 && key_length_sizes == NULL) { // all lengths 1 - k_l_s = OK
use_key_length = key.size();
key_s = (char*)malloc(use_key_length);
memcpy(key_s, key.data(), use_key_length);
} else if (count == 1) { /* only m_k_l = OK */
key_s = (char*)malloc(key_length_sizes[0]);
memset(key_s, 0, key_length_sizes[0]);
memcpy(key_s, key.data(), MIN(key.size(), key_length_sizes[0]));
use_key_length = key_length_sizes[0];
} else { /* dertermine smallest supported key > length of requested key */
use_key_length = max_key_length; /* start with max key length */
for (int i = 0; i < count; i++) {
if (key_length_sizes[i] >= key.size() &&
key_length_sizes[i] < use_key_length) {
use_key_length = key_length_sizes[i];
}
}
key_s = (char*)malloc(use_key_length);
memset(key_s, 0, use_key_length);
memcpy(key_s, key.data(), MIN(key.size(), use_key_length));
}
mcrypt_free(key_length_sizes);
/* Check IV */
char *iv_s = NULL;
int iv_size = mcrypt_enc_get_iv_size(td);
/* IV is required */
if (mcrypt_enc_mode_has_iv(td) == 1) {
if (!iv.empty()) {
if (iv_size != iv.size()) {
raise_warning("The IV parameter must be as long as the blocksize");
} else {
iv_s = (char*)malloc(iv_size + 1);
memcpy(iv_s, iv.data(), iv_size);
}
} else {
raise_warning("Attempt to use an empty IV, which is NOT recommended");
iv_s = (char*)malloc(iv_size + 1);
memset(iv_s, 0, iv_size + 1);
}
}
int block_size;
unsigned long int data_size;
String s;
char *data_s;
/* Check blocksize */
if (mcrypt_enc_is_block_mode(td) == 1) { /* It's a block algorithm */
block_size = mcrypt_enc_get_block_size(td);
data_size = (((data.size() - 1) / block_size) + 1) * block_size;
s = String(data_size, ReserveString);
data_s = (char*)s.mutableSlice().ptr;
memset(data_s, 0, data_size);
memcpy(data_s, data.data(), data.size());
} else { /* It's not a block algorithm */
data_size = data.size();
s = String(data_size, ReserveString);
data_s = (char*)s.mutableSlice().ptr;
memcpy(data_s, data.data(), data.size());
}
if (mcrypt_generic_init(td, key_s, use_key_length, iv_s) < 0) {
raise_warning("Mcrypt initialisation failed");
return false;
}
if (dencrypt) {
mdecrypt_generic(td, data_s, data_size);
} else {
mcrypt_generic(td, data_s, data_size);
}
/* freeing vars */
mcrypt_generic_end(td);
if (key_s != NULL) {
free(key_s);
}
if (iv_s != NULL) {
free(iv_s);
}
return s.setSize(data_size);
}
int64_t f_mcrypt_enc_get_key_size(CObjRef td) {
return mcrypt_enc_get_key_size(td.getTyped<MCrypt>()->m_td);
}
int main()
{
MCRYPT td, td2;
int i, t, imax;
int j, jmax, ivsize;
int x = 0, siz;
char **names;
char **modes;
char *text;
unsigned char *IV;
unsigned char *key;
int keysize;
names = mcrypt_list_algorithms (ALGORITHMS_DIR, &jmax);
modes = mcrypt_list_modes (MODES_DIR, &imax);
if (names==NULL || modes==NULL) {
fprintf(stderr, "Error getting algorithms/modes\n");
exit(1);
}
for (j=0;j<jmax;j++) {
printf( "Algorithm: %s... ", names[j]);
if (mcrypt_module_self_test( names[j], ALGORITHMS_DIR)==0) {
printf( "ok\n");
} else {
x=1;
printf( "\n");
}
printf( "Modes:\n");
for (i=0;i<imax;i++) {
td = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR);
td2 = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR);
if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) {
keysize = mcrypt_enc_get_key_size(td);
key = calloc(1, keysize);
if (key==NULL) exit(1);
for (t=0;t<keysize;t++)
key[t] = (t % 255) + 13;
ivsize = mcrypt_enc_get_iv_size(td);
if (ivsize>0) {
IV = calloc( 1, ivsize);
if (IV==NULL) exit(1);
for (t=0;t<ivsize;t++)
IV[t] = (t*2 % 255) + 15;
}
if (mcrypt_generic_init( td, key, keysize, IV) < 0) {
fprintf(stderr, "Failed to Initialize algorithm!\n");
return -1;
}
if (mcrypt_enc_is_block_mode(td)!=0)
siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td);
else siz = strlen(TEXT);
text = calloc( 1, siz);
if (text==NULL) exit(1);
memmove( text, TEXT, siz);
mcrypt_generic( td, text, siz);
if (mcrypt_generic_init( td2, key, keysize, IV) < 0) {
fprintf(stderr, "Failed to Initialize algorithm!\n");
return -1;
}
mdecrypt_generic( td2, text, siz);
if ( memcmp( text, TEXT, siz) == 0) {
printf( " %s: ok\n", modes[i]);
} else {
printf( " %s: failed\n", modes[i]);
x=1;
}
mcrypt_generic_deinit(td);
mcrypt_generic_deinit(td2);
mcrypt_module_close(td);
mcrypt_module_close(td2); free(text);
free(key);
if (ivsize>0) free(IV);
}
}
printf("\n");
}
mcrypt_free_p(names, jmax);
mcrypt_free_p(modes, imax);
if (x>0) fprintf(stderr, "\nProbably some of the algorithms listed above failed. "
"Try not to use these algorithms, and file a bug report to [email protected]\n\n");
return x;
}
static int internal_init_mcrypt(MCRYPT td, const void *key, int lenofkey, const void *IV)
{
int *sizes = NULL;
int num_of_sizes, i, ok = 0;
int key_size = mcrypt_enc_get_key_size(td);
if (lenofkey > key_size || lenofkey==0) {
return MCRYPT_KEY_LEN_ERROR; /* error */
}
sizes = mcrypt_enc_get_supported_key_sizes(td, &num_of_sizes);
if (sizes != NULL) {
for (i = 0; i < num_of_sizes; i++) {
if (lenofkey == sizes[i]) {
ok = 1;
break;
}
}
} else { /* sizes==NULL */
if (num_of_sizes == 0
&& lenofkey <= mcrypt_enc_get_key_size(td))
ok = 1;
}
if (ok == 0) { /* not supported key size */
key_size = mcrypt_enc_get_key_size(td);
if (sizes != NULL) {
for (i = 0; i < num_of_sizes; i++) {
if (lenofkey <= sizes[i]) {
key_size = sizes[i];
break;
}
}
} else { /* well every key size is supported! */
key_size = lenofkey;
}
} else {
key_size = lenofkey;
}
free(sizes);
td->keyword_given = mxcalloc(1, mcrypt_enc_get_key_size(td));
if (td->keyword_given==NULL) return MCRYPT_MEMORY_ALLOCATION_ERROR;
memmove(td->keyword_given, key, lenofkey);
i = mcrypt_get_size(td);
td->akey = mxcalloc(1, i);
if (td->akey==NULL) {
free(td->keyword_given);
return MCRYPT_MEMORY_ALLOCATION_ERROR;
}
i = mcrypt_mode_get_size(td);
if (i > 0) {
td->abuf = mxcalloc(1, i);
if (td->abuf==NULL) {
free(td->keyword_given);
free(td->akey);
return MCRYPT_MEMORY_ALLOCATION_ERROR;
}
}
ok = init_mcrypt(td, td->abuf, key, key_size, IV);
if (ok!=0) {
free(td->keyword_given);
free(td->akey);
free(td->abuf);
return MCRYPT_UNKNOWN_ERROR; /* algorithm error */
}
ok = mcrypt_set_key(td,
(void *) td->akey,
(void *) td->keyword_given,
key_size, IV, IV!=NULL ? mcrypt_enc_get_iv_size(td) : 0);
if (ok!=0) {
internal_end_mcrypt(td);
return MCRYPT_UNKNOWN_ERROR; /* algorithm error */
}
return 0;
}
int64_t HHVM_FUNCTION(mcrypt_enc_get_key_size, const Resource& td) {
return mcrypt_enc_get_key_size(cast<MCrypt>(td)->m_td);
}
int64_t HHVM_FUNCTION(mcrypt_enc_get_key_size, const Resource& td) {
return mcrypt_enc_get_key_size(td.getTyped<MCrypt>()->m_td);
}
/* {{{ php_mcrypt_filter_create
* Instantiate mcrypt filter
*/
static php_stream_filter *php_mcrypt_filter_create(const char *filtername, zval *filterparams, int persistent)
{
int encrypt = 1, iv_len, key_len, keyl, result;
const char *cipher = filtername + sizeof("mcrypt.") - 1;
zval *tmpzval;
MCRYPT mcrypt_module;
char *iv = NULL, *key = NULL;
char *algo_dir = INI_STR("mcrypt.algorithms_dir");
char *mode_dir = INI_STR("mcrypt.modes_dir");
char *mode = "cbc";
php_mcrypt_filter_data *data;
if (strncasecmp(filtername, "mdecrypt.", sizeof("mdecrypt.") - 1) == 0) {
encrypt = 0;
cipher += sizeof("de") - 1;
} else if (strncasecmp(filtername, "mcrypt.", sizeof("mcrypt.") - 1) != 0) {
/* Should never happen */
return NULL;
}
if (!filterparams || Z_TYPE_P(filterparams) != IS_ARRAY) {
php_error_docref(NULL, E_WARNING, "Filter parameters for %s must be an array", filtername);
return NULL;
}
if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("mode")))) {
if (Z_TYPE_P(tmpzval) == IS_STRING) {
mode = Z_STRVAL_P(tmpzval);
} else {
php_error_docref(NULL, E_WARNING, "mode is not a string, ignoring");
}
}
if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("algorithms_dir")))) {
if (Z_TYPE_P(tmpzval) == IS_STRING) {
algo_dir = Z_STRVAL_P(tmpzval);
} else {
php_error_docref(NULL, E_WARNING, "algorithms_dir is not a string, ignoring");
}
}
if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("modes_dir")))) {
if (Z_TYPE_P(tmpzval) == IS_STRING) {
mode_dir = Z_STRVAL_P(tmpzval);
} else {
php_error_docref(NULL, E_WARNING, "modes_dir is not a string, ignoring");
}
}
if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("key"))) &&
Z_TYPE_P(tmpzval) == IS_STRING) {
key = Z_STRVAL_P(tmpzval);
key_len = (int)Z_STRLEN_P(tmpzval);
} else {
php_error_docref(NULL, E_WARNING, "key not specified or is not a string");
return NULL;
}
mcrypt_module = mcrypt_module_open((char *)cipher, algo_dir, mode, mode_dir);
if (mcrypt_module == MCRYPT_FAILED) {
php_error_docref(NULL, E_WARNING, "Could not open encryption module");
return NULL;
}
iv_len = mcrypt_enc_get_iv_size(mcrypt_module);
keyl = mcrypt_enc_get_key_size(mcrypt_module);
if (keyl < key_len) {
key_len = keyl;
}
if (!(tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("iv"))) ||
Z_TYPE_P(tmpzval) != IS_STRING) {
php_error_docref(NULL, E_WARNING, "Filter parameter[iv] not provided or not of type: string");
mcrypt_module_close(mcrypt_module);
return NULL;
}
iv = emalloc(iv_len + 1);
if ((size_t)iv_len <= Z_STRLEN_P(tmpzval)) {
memcpy(iv, Z_STRVAL_P(tmpzval), iv_len);
} else {
memcpy(iv, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
memset(iv + Z_STRLEN_P(tmpzval), 0, iv_len - Z_STRLEN_P(tmpzval));
}
result = mcrypt_generic_init(mcrypt_module, key, key_len, iv);
efree(iv);
if (result < 0) {
switch (result) {
case -3:
php_error_docref(NULL, E_WARNING, "Key length incorrect");
break;
case -4:
php_error_docref(NULL, E_WARNING, "Memory allocation error");
break;
case -1:
default:
php_error_docref(NULL, E_WARNING, "Unknown error");
break;
}
mcrypt_module_close(mcrypt_module);
return NULL;
}
data = pemalloc(sizeof(php_mcrypt_filter_data), persistent);
data->module = mcrypt_module;
data->encrypt = encrypt;
if (mcrypt_enc_is_block_mode(mcrypt_module)) {
data->blocksize = mcrypt_enc_get_block_size(mcrypt_module);
data->block_buffer = pemalloc(data->blocksize, persistent);
} else {
data->blocksize = 0;
data->block_buffer = NULL;
}
data->block_used = 0;
data->persistent = persistent;
return php_stream_filter_alloc(&php_mcrypt_filter_ops, data, persistent);
}
int main()
{
MCRYPT td, td2;
int i, t, imax;
int j, jmax, ivsize;
int x = 0, siz;
char *text;
unsigned char *IV;
unsigned char *key;
int keysize;
td = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR);
td2 = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR);
if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) {
fprintf(stderr, "Created IDEA cipher.\n");
keysize = mcrypt_enc_get_key_size(td);
fprintf(stderr, "Cipher key size %d.\n", keysize);
key = calloc(1, keysize);
if (key==NULL) exit(1);
for (t=0;t<keysize;t++)
key[t] = (t % 255) + 13;
ivsize = mcrypt_enc_get_iv_size(td);
fprintf(stderr, "IV size %d.\n", ivsize);
if (ivsize>0) {
IV = calloc( 1, ivsize);
if (IV==NULL) exit(1);
for (t=0;t<ivsize;t++)
IV[t] = (t*2 % 255) + 15;
}
if (mcrypt_generic_init( td, key, keysize, IV) < 0) {
fprintf(stderr, "Failed to Initialize algorithm!\n");
return -1;
}
if (mcrypt_enc_is_block_mode(td)!=0)
siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td);
else siz = strlen(TEXT);
text = calloc( 1, siz);
if (text==NULL) exit(1);
memmove( text, TEXT, siz);
mcrypt_generic( td, text, siz);
if (mcrypt_generic_init( td2, key, keysize, IV) < 0) {
fprintf(stderr, "Failed to Initialize algorithm!\n");
return -1;
}
mdecrypt_generic( td2, text, siz);
if ( memcmp( text, TEXT, siz) == 0) {
printf( " %s: ok\n", "cbc");
} else {
printf( " %s: failed\n", "cbc");
x=1;
}
mcrypt_generic_deinit(td);
mcrypt_generic_deinit(td2);
mcrypt_module_close(td);
mcrypt_module_close(td2);
free(text);
free(key);
if (ivsize>0) free(IV);
}
return 0;
}
