1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/*
+----------------------------------------------------------------------+
| Suhosin Version 1 |
+----------------------------------------------------------------------+
| Copyright (c) 2006-2007 The Hardened-PHP Project |
| Copyright (c) 2007-2010 SektionEins GmbH |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Author: Juergen Pabel <jpabel@akkaya.de> |
+----------------------------------------------------------------------+
*/
#ifdef SUHOSIN_EXPERIMENTAL
#include <stdio.h>
#include "php.h"
#include "php_suhosin.h"
#include "sha256.h"
static char cryptkey[32];
/* {{{ proto string secureconfig_encrypt(string plaintext)
Encrypt a configuration value using the configured cryptographic key */
static PHP_FUNCTION(suhosin_secureconfig_encrypt)
{
char *plaintext, *ciphertext;
int plaintext_len, ciphertext_len;
int i;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &plaintext, &plaintext_len) == FAILURE) {
return;
}
ciphertext = suhosin_encrypt_string(plaintext, plaintext_len, "", 0, cryptkey TSRMLS_CC);
if(ciphertext == NULL) {
return;
}
ciphertext_len = strlen(ciphertext);
/* undo suhosin_encrypt_string()'s base64 alphabet transformation */
for (i=0; i<ciphertext_len; i++) {
switch (ciphertext[i]) {
case '-': ciphertext[i]='/'; break;
case '.': ciphertext[i]='='; break;
case '_': ciphertext[i]='+'; break;
}
}
RETURN_STRINGL((char *)ciphertext, ciphertext_len, 1);
}
/* }}} */
/* {{{ proto string secureconfig_decrypt(string ciphertext)
Decrypt a configuration value using the configured cryptographic key */
static PHP_FUNCTION(suhosin_secureconfig_decrypt)
{
char *plaintext, *ciphertext;
int plaintext_len, ciphertext_len;
int i;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &ciphertext, &ciphertext_len) == FAILURE) {
return;
}
/* redo suhosin_encrypt_string()'s base64 alphabet transformation */
for (i=0; i<ciphertext_len; i++) {
switch (ciphertext[i]) {
case '/': ciphertext[i]='-'; break;
case '=': ciphertext[i]='.'; break;
case '+': ciphertext[i]='_'; break;
}
}
plaintext = suhosin_decrypt_string(ciphertext, ciphertext_len, "", 0, cryptkey, &plaintext_len, 0 TSRMLS_CC);
if(plaintext == NULL || plaintext_len <= 0) {
return;
}
RETURN_STRINGL((char *)plaintext, plaintext_len, 1);
}
/* }}} */
/* {{{ suhosin_secureconfig_functions[]
*/
static function_entry suhosin_secureconfig_functions[] = {
PHP_NAMED_FE(secureconfig_encrypt, PHP_FN(suhosin_secureconfig_encrypt), NULL)
PHP_NAMED_FE(secureconfig_decrypt, PHP_FN(suhosin_secureconfig_decrypt), NULL)
{NULL, NULL, NULL}
};
/* }}} */
void suhosin_hook_secureconfig(TSRMLS_D)
{
char* key;
suhosin_SHA256_CTX ctx;
// TSRMLS_FETCH();
/* check if we already have secureconfig support */
if (zend_hash_exists(CG(function_table), "secureconfig_encrypt", sizeof("secureconfig_encrypt"))) {
return;
}
key = SUHOSIN_G(secureconfig_cryptkey);
if (key != NULL) {
suhosin_SHA256Init(&ctx);
suhosin_SHA256Update(&ctx, (unsigned char*)key, strlen(key));
suhosin_SHA256Final((unsigned char *)cryptkey, &ctx);
} else {
memset(cryptkey, 0x55 /*fallback key with alternating bits*/, 32);
}
/* add the secureconfig functions */
#ifndef ZEND_ENGINE_2
zend_register_functions(suhosin_secureconfig_functions, NULL, MODULE_PERSISTENT TSRMLS_CC);
#else
zend_register_functions(NULL, suhosin_secureconfig_functions, NULL, MODULE_PERSISTENT TSRMLS_CC);
#endif
}
#endif /* SUHOSIN_EXPERIMENTAL */
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 fdm=marker
* vim<600: sw=4 ts=4
*/
|
