diff options
author | Aleksander Machniak <alec@alec.pl> | 2012-07-23 08:52:23 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-07-23 08:52:23 +0200 |
commit | 114cf1281b1546f1efb8f78f92b179dd6afcaaa9 (patch) | |
tree | f97b2629dadc1282de790eb93de34931edb4c5cf /program/lib/Auth/SASL | |
parent | 7938312aaa802122e7740bcd789b8469919bc875 (diff) |
Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)
Diffstat (limited to 'program/lib/Auth/SASL')
-rw-r--r-- | program/lib/Auth/SASL/Common.php | 105 | ||||
-rw-r--r-- | program/lib/Auth/SASL/External.php | 2 |
2 files changed, 69 insertions, 38 deletions
diff --git a/program/lib/Auth/SASL/Common.php b/program/lib/Auth/SASL/Common.php index e7a18e2de..d8c5610d1 100644 --- a/program/lib/Auth/SASL/Common.php +++ b/program/lib/Auth/SASL/Common.php @@ -1,37 +1,37 @@ <?php -// +-----------------------------------------------------------------------+ -// | Copyright (c) 2002-2003 Richard Heyes | -// | All rights reserved. | -// | | -// | Redistribution and use in source and binary forms, with or without | -// | modification, are permitted provided that the following conditions | -// | are met: | -// | | -// | o Redistributions of source code must retain the above copyright | -// | notice, this list of conditions and the following disclaimer. | -// | o Redistributions in binary form must reproduce the above copyright | -// | notice, this list of conditions and the following disclaimer in the | -// | documentation and/or other materials provided with the distribution.| -// | o The names of the authors may not be used to endorse or promote | -// | products derived from this software without specific prior written | -// | permission. | -// | | -// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | -// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | -// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | -// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | -// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | -// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | -// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | -// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | -// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | -// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | -// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | -// | | -// +-----------------------------------------------------------------------+ -// | Author: Richard Heyes <richard@php.net> | -// +-----------------------------------------------------------------------+ -// +// +-----------------------------------------------------------------------+ +// | Copyright (c) 2002-2003 Richard Heyes | +// | All rights reserved. | +// | | +// | Redistribution and use in source and binary forms, with or without | +// | modification, are permitted provided that the following conditions | +// | are met: | +// | | +// | o Redistributions of source code must retain the above copyright | +// | notice, this list of conditions and the following disclaimer. | +// | o Redistributions in binary form must reproduce the above copyright | +// | notice, this list of conditions and the following disclaimer in the | +// | documentation and/or other materials provided with the distribution.| +// | o The names of the authors may not be used to endorse or promote | +// | products derived from this software without specific prior written | +// | permission. | +// | | +// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | +// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | +// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | +// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | +// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | +// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | +// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | +// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | +// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | +// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | +// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | +// | | +// +-----------------------------------------------------------------------+ +// | Author: Richard Heyes <richard@php.net> | +// +-----------------------------------------------------------------------+ +// // $Id$ /** @@ -49,10 +49,12 @@ class Auth_SASL_Common * Function which implements HMAC MD5 digest * * @param string $key The secret key - * @param string $data The data to protect - * @return string The HMAC MD5 digest + * @param string $data The data to hash + * @param bool $raw_output Whether the digest is returned in binary or hexadecimal format. + * + * @return string The HMAC-MD5 digest */ - function _HMAC_MD5($key, $data) + function _HMAC_MD5($key, $data, $raw_output = FALSE) { if (strlen($key) > 64) { $key = pack('H32', md5($key)); @@ -66,9 +68,38 @@ class Auth_SASL_Common $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64); $inner = pack('H32', md5($k_ipad . $data)); - $digest = md5($k_opad . $inner); + $digest = md5($k_opad . $inner, $raw_output); return $digest; } + + /** + * Function which implements HMAC-SHA-1 digest + * + * @param string $key The secret key + * @param string $data The data to hash + * @param bool $raw_output Whether the digest is returned in binary or hexadecimal format. + * @return string The HMAC-SHA-1 digest + * @author Jehan <jehan.marmottard@gmail.com> + * @access protected + */ + protected function _HMAC_SHA1($key, $data, $raw_output = FALSE) + { + if (strlen($key) > 64) { + $key = sha1($key, TRUE); + } + + if (strlen($key) < 64) { + $key = str_pad($key, 64, chr(0)); + } + + $k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64); + $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64); + + $inner = pack('H40', sha1($k_ipad . $data)); + $digest = sha1($k_opad . $inner, $raw_output); + + return $digest; + } } ?> diff --git a/program/lib/Auth/SASL/External.php b/program/lib/Auth/SASL/External.php index 86a17cb7a..c5ae25e75 100644 --- a/program/lib/Auth/SASL/External.php +++ b/program/lib/Auth/SASL/External.php @@ -32,7 +32,7 @@ // | Author: Christoph Schulz <develop@kristov.de> | // +-----------------------------------------------------------------------+ // -// $Id: External.php 286825 2009-08-05 06:23:42Z cweiske $ +// $Id$ /** * Implmentation of EXTERNAL SASL mechanism |