xref: /dports/mail/postfixadmin-lite/postfixadmin-d3bc1551/scripts/snippets/dovecot_crypt.php

<?php

define('SHA1_RESULTLEN', (160/8));
define('SHA256_RESULTLEN', (256 / 8));
define('CRAM_MD5_CONTEXTLEN', 32);
define('MD5_RESULTLEN', (128/8));
define('MD4_RESULTLEN', (128/8));
define('LM_HASH_SIZE', 16);
define('NTLMSSP_HASH_SIZE', 16);


class DovecotCrypt extends Crypt
{
    private $errormsg = [];

    private $salt_chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";


    /**
     * Array
     * Crypt type and which function handles it.
     * array('alogrithm' => array('encoding', 'length', 'verify', 'function'))
     */
    public $password_schemes = array(
        'CRYPT'      => array('NONE', 0, 'crypt_verify', 'crypt_generate'),
        'MD5'        => array('NONE', 0, 'md5_verify', 'md5_generate'),
        //'MD5-CRYPT'  => array('NONE', 0, 'md5_crypt_verify', 'md5_crypt_generate'),
        'SHA'        => array('BASE64', SHA1_RESULTLEN, null, 'sha1_generate'),
        'SHA1'       => array('BASE64', SHA1_RESULTLEN, null, 'sha1_generate'),
        //'SHA256'     => array('BASE64', SHA256_RESULTLEN, NULL, 'sha256_generate'),
        //'SMD5'       => array('BASE64', 0, 'smd5_verify', 'smd5_generate'),
        //'SSHA'       => array('BASE64', 0, 'ssha_verify', 'ssha_generate'),
        //'SSHA256'    => array('BASE64', 0, 'ssha356_verify', 'ssha256_generate'),
        'PLAIN'      => array('NONE', 0, null, 'plain_generate'),
        'CLEARTEXT'  => array('NONE', 0, null, 'plain_generate'),
        'CRAM-MD5'   => array('HEX', CRAM_MD5_CONTEXTLEN, null, 'cram_md5_generate'),
        //'HMAC-MD5'   => array('HEX', CRAM_MD5_CONTEXTLEN, NULL, 'cram_md5_generate'),
        //'DIGEST-MD5' => array('HEX', MD5_RESULTLEN, NULL, 'digest_md5_generate'),
        //'PLAIN-MD4'  => array('HEX', MD4_RESULTLEN, NULL, 'plain_md4_generate'),
        //'PLAIN-MD5'  => array('HEX', MD5_RESULTLEN, NULL, 'plain_md5_generate'),
        //'LDAP-MD5'   => array('BASE64', MD5_RESULTLEN, NULL, 'plain_md5_generate'),
        //'LANMAN'     => array('HEX', LM_HASH_SIZE, NULL, 'lm_generate'),
        //'NTLM'       => array('HEX', NTLMSSP_HASH_SIZE, NULL, 'ntlm_generate'),
        //'OTP'        => array('NONE', 0, 'otp_verify', 'otp_generate'),
        //'SKEY'       => array('NONE', 0, 'otp_verify', 'skey_generate'),
        //'RPA'        => array('HEX', MD5_RESULTLEN, NULL, 'rpa_generate'),
    );



    public function crypt($algorithm)
    {
        if (!array_key_exists($algorithm, $this->password_schemes)) {
            $this->errormsg[] = "This password scheme isn't supported. Check our Wiki!";
            return false;
        }

        $scheme = $this->password_schemes[$algorithm];
        $func = '__'.$scheme[3];

        $this->password = $this->$func($this->plain);
        //$this->plain = '';
        return true;
    }

    public function verify($algorithm, $password)
    {
        if (!array_key_exists($algorithm, $this->password_schemes)) {
            $this->errormsg[] = "This password scheme isn't supported. Check our Wiki!";
            return false;
        }

        $scheme = $this->password_schemes[$algorithm];
        if ($scheme[2] == null) {
            $this->errormsg[] = "This password scheme doesn't support verification";
            return false;
        }

        $func = '__'.$scheme[2];
        return  $this->$func($this->plain, $password);
    }

    private function __crypt_verify($plaintext, $password)
    {
        $crypted = crypt($plaintext, $password);
        return strcmp($crypted, $password) == 0;
    }
    private function __crypt_generate($plaintext)
    {
        $password = crypt($plaintext);
        return $password;
    }
    private function __md5_generate($plaintext)
    {
        return $plaintext;
    }
    private function __sha1_generate()
    {
    }
    private function __plain_generate()
    {
    }
    private function __cram_md5_generate($plaintext)
    {

        #http://hg.dovecot.org/dovecot-1.2/file/84373d238073/src/lib/hmac-md5.c
        #http://hg.dovecot.org/dovecot-1.2/file/84373d238073/src/auth/password-scheme.c cram_md5_generate
        #am i right that the hmac salt is the plaintext password itself?
        $salt = $plaintext;
        if (function_exists('hash_hmac')) {  //Some providers doesn't offers hash access.
            return hash_hmac('md5', $plaintext, $salt);
        } else {
            return custom_hmac('md5', $plaintext, $salt);
        }
    }


    /**
     * @return string
     */
    public function custom_hmac($algo, $data, $key, $raw_output = false)
    {
        $algo = strtolower($algo);
        $pack = 'H'.strlen($algo('test'));
        $size = 64;
        $opad = str_repeat(chr(0x5C), $size);
        $ipad = str_repeat(chr(0x36), $size);

        if (strlen($key) > $size) {
            $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
        } else {
            $key = str_pad($key, $size, chr(0x00));
        }

        for ($i = 0; $i < strlen($key) - 1; $i++) {
            $opad[$i] = $opad[$i] ^ $key[$i];
            $ipad[$i] = $ipad[$i] ^ $key[$i];
        }

        $output = $algo($opad.pack($pack, $algo($ipad.$data)));

        return ($raw_output) ? pack($pack, $output) : $output;
    }
}