1<?php
2// +-----------------------------------------------------------------------+
3// | Copyright (c) 2002-2003 Richard Heyes                                 |
4// | All rights reserved.                                                  |
5// |                                                                       |
6// | Redistribution and use in source and binary forms, with or without    |
7// | modification, are permitted provided that the following conditions    |
8// | are met:                                                              |
9// |                                                                       |
10// | o Redistributions of source code must retain the above copyright      |
11// |   notice, this list of conditions and the following disclaimer.       |
12// | o Redistributions in binary form must reproduce the above copyright   |
13// |   notice, this list of conditions and the following disclaimer in the |
14// |   documentation and/or other materials provided with the distribution.|
15// | o The names of the authors may not be used to endorse or promote      |
16// |   products derived from this software without specific prior written  |
17// |   permission.                                                         |
18// |                                                                       |
19// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   |
20// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     |
21// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
22// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  |
23// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
24// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      |
25// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
26// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
27// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
28// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
29// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  |
30// |                                                                       |
31// +-----------------------------------------------------------------------+
32// | Author: Richard Heyes <richard@php.net>                               |
33// +-----------------------------------------------------------------------+
34//
35// $Id$
36
37/**
38* Common functionality to SASL mechanisms
39*
40* @author  Richard Heyes <richard@php.net>
41* @access  public
42* @version 1.0
43* @package Auth_SASL
44*/
45
46/**
47 * Z-Push changes
48 *
49 * removed PEAR dependency by implementing own raiseError()
50 *
51 * Reference implementation used:
52 * http://download.pear.php.net/package/Auth_SASL-1.0.6.tgz
53 *
54 *
55 */
56
57class Auth_SASL_Common
58{
59    /**
60    * Function which implements HMAC MD5 digest
61    *
62    * @param  string $key  The secret key
63    * @param  string $data The data to hash
64    * @param  bool $raw_output Whether the digest is returned in binary or hexadecimal format.
65    *
66    * @return string       The HMAC-MD5 digest
67    */
68    function _HMAC_MD5($key, $data, $raw_output = FALSE)
69    {
70        if (strlen($key) > 64) {
71            $key = pack('H32', md5($key));
72        }
73
74        if (strlen($key) < 64) {
75            $key = str_pad($key, 64, chr(0));
76        }
77
78        $k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64);
79        $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);
80
81        $inner  = pack('H32', md5($k_ipad . $data));
82        $digest = md5($k_opad . $inner, $raw_output);
83
84        return $digest;
85    }
86
87    /**
88    * Function which implements HMAC-SHA-1 digest
89    *
90    * @param  string $key  The secret key
91    * @param  string $data The data to hash
92    * @param  bool $raw_output Whether the digest is returned in binary or hexadecimal format.
93    * @return string       The HMAC-SHA-1 digest
94    * @author Jehan <jehan.marmottard@gmail.com>
95    * @access protected
96    */
97    protected function _HMAC_SHA1($key, $data, $raw_output = FALSE)
98    {
99        if (strlen($key) > 64) {
100            $key = sha1($key, TRUE);
101        }
102
103        if (strlen($key) < 64) {
104            $key = str_pad($key, 64, chr(0));
105        }
106
107        $k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64);
108        $k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);
109
110        $inner  = pack('H40', sha1($k_ipad . $data));
111        $digest = sha1($k_opad . $inner, $raw_output);
112
113         return $digest;
114     }
115
116/**
117     * Z-Push helper for error logging
118     * removing PEAR dependency
119     *
120     * @param  string  debug message
121     * @return boolean always false as there was an error
122     * @access private
123     */
124    function raiseError($message) {
125        ZLog::Write(LOGLEVEL_ERROR, "SCRAM error: ". $message);
126        return false;
127    }
128}