cookie encryption

author: Ben Fuhrmannek 2016-02-24 00:36:35 +0100
committer: Ben Fuhrmannek 2016-02-24 00:36:35 +0100
commit: 346455c6b5716c8ce095235428614e15c0adf13e (patch)
tree: aaa648869e88287ed34c6d36cc06474d062b4b32 /cookiecrypt.c
parent: 35b7c9a0e3f8a0daf1718a8ba9889a2aec24dc84 (diff)
1 files changed, 146 insertions, 0 deletions
diff --git a/cookiecrypt.c b/cookiecrypt.c
new file mode 100644
index 0000000..70b0c5a
--- /dev/null
+++ b/cookiecrypt.c
@@ -0,0 +1,146 @@
+/*
+  +----------------------------------------------------------------------+
+  | Suhosin Version 1                                                    |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2007 The Hardened-PHP Project                     |
+  | Copyright (c) 2007-2016 SektionEins GmbH                             |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Authors: Stefan Esser <sesser@sektioneins.de>                        |
+  |          Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de>              |
+  +----------------------------------------------------------------------+
+*/
+/*
+  $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "php.h"
+#include "ext/standard/url.h"
+#include "php_suhosin7.h"
+#include "php_variables.h"
+zend_string *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key)
+{
+        int l;
+        name = estrndup(name, name_len);        
+        name_len = php_url_decode(name, name_len);
+        suhosin_normalize_varname(name);
+        name_len = strlen(name);
+        
+        if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name, name_len)) ||
+                (SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name, name_len))) {
+                efree(name);
+                return zend_string_init(value, value_len, 0);
+        }
+        value = estrndup(value, value_len);
+        value_len = php_url_decode(value, value_len);
+        
+        zend_string *d = suhosin_encrypt_string(value, value_len, name, name_len, key);
+        zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
+        zend_string_release(d);
+        efree(name);
+        efree(value);
+        return d_url;
+}
+char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **out)
+{
+        char *name2 = estrndup(name, name_len);
+        int name2_len = php_url_decode(name2, name_len);
+        suhosin_normalize_varname(name2);
+        name2_len = strlen(name2);
+        
+        if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name2, name2_len)) ||
+                (SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name2, name2_len))) {
+        // if (1) {
+                efree(name2);
+                memcpy(*out, name, name_len);
+                *out += name_len;
+                **out = '='; *out +=1;
+                memcpy(*out, value, value_len);
+                *out += value_len;
+                return *out;
+        }
+        
+        value = estrndup(value, value_len);
+        value_len = php_url_decode(value, value_len);
+        
+        zend_string *d = suhosin_decrypt_string(value, value_len, name2, name2_len, key, SUHOSIN7_G(cookie_checkraddr));
+        if (d) {
+                zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
+                zend_string_release(d);
+                memcpy(*out, name, name_len);
+                *out += name_len;
+                **out = '='; *out += 1;
+                memcpy(*out, ZSTR_VAL(d_url), ZSTR_LEN(d_url));
+                *out += ZSTR_LEN(d_url);
+                zend_string_release(d_url);
+        }
+        efree(name2);
+        efree(value);
+        
+        return *out;
+}
+/* {{{ suhosin_cookie_decryptor
+ */
+char *suhosin_cookie_decryptor(char *raw_cookie)
+{
+        // SDEBUG("raw cookie: %s", raw_cookie);
+        char *decrypted, *ret;
+        // int j;
+        char cryptkey[33];
+        suhosin_generate_key(SUHOSIN7_G(cookie_cryptkey), SUHOSIN7_G(cookie_cryptua), SUHOSIN7_G(cookie_cryptdocroot), SUHOSIN7_G(cookie_cryptraddr), cryptkey);
+        SDEBUG("cryptkey=%02x.%02x.%02x", cryptkey[0], cryptkey[1], cryptkey[2]);
+        
+        ret = decrypted = emalloc(strlen(raw_cookie)*4+1);
+        raw_cookie = estrdup(raw_cookie);
+        SUHOSIN7_G(raw_cookie) = estrdup(raw_cookie);
+        char *strtok_buf = NULL;
+        char *var, *val;
+        const char *separator = ";\0";
+        for (char *var = php_strtok_r(raw_cookie, separator, &strtok_buf); var; var = php_strtok_r(NULL, separator, &strtok_buf)) {
+                val = strchr(var, '=');
+                while (isspace(*var)) { var++; }
+                if (var == val || *var == '\0') { continue; }
+                if (val) {
+                        *val++ = '\0';
+                        // size_t var_len = php_url_decode(var, strlen(var));
+                        size_t var_len = strlen(var);
+                        // size_t val_len = php_url_decode(val, strlen(val));
+                        size_t val_len = strlen(val);
+                        SDEBUG("decrypting cookie |%s|%s|", var, val);
+                        suhosin_decrypt_single_cookie(var, var_len, val, val_len, cryptkey, &decrypted);
+                        SDEBUG("ret is now %s", ret);
+                        *decrypted++ = ';';
+                } else {
+                        // ??
+                }
+        }
+        *decrypted++ = 0;
+        ret = erealloc(ret, decrypted-ret);
+        
+        SUHOSIN7_G(decrypted_cookie) = ret;
+        efree(raw_cookie);
+                
+        return ret;
+}
+/* }}} */
author	Ben Fuhrmannek	2016-02-24 00:36:35 +0100
committer	Ben Fuhrmannek	2016-02-24 00:36:35 +0100
commit	346455c6b5716c8ce095235428614e15c0adf13e (patch)
tree	aaa648869e88287ed34c6d36cc06474d062b4b32 /cookiecrypt.c
parent	35b7c9a0e3f8a0daf1718a8ba9889a2aec24dc84 (diff)

diff --git a/cookiecrypt.c b/cookiecrypt.c new file mode 100644 index 0000000..70b0c5a --- /dev/null +++ b/cookiecrypt.c
@@ -0,0 +1,146 @@
	1	/*
	2	+----------------------------------------------------------------------+
	3	\| Suhosin Version 1 \|
	4	+----------------------------------------------------------------------+
	5	\| Copyright (c) 2006-2007 The Hardened-PHP Project \|
	6	\| Copyright (c) 2007-2016 SektionEins GmbH \|
	7	+----------------------------------------------------------------------+
	8	\| This source file is subject to version 3.01 of the PHP license, \|
	9	\| that is bundled with this package in the file LICENSE, and is \|
	10	\| available through the world-wide-web at the following url: \|
	11	\| http://www.php.net/license/3_01.txt \|
	12	\| If you did not receive a copy of the PHP license and are unable to \|
	13	\| obtain it through the world-wide-web, please send a note to \|
	14	\| license@php.net so we can mail you a copy immediately. \|
	15	+----------------------------------------------------------------------+
	16	\| Authors: Stefan Esser <sesser@sektioneins.de> \|
	17	\| Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de> \|
	18	+----------------------------------------------------------------------+
	19	*/
	20	/*
	21	$Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
	22	*/
	23
	24	#ifdef HAVE_CONFIG_H
	25	#include "config.h"
	26	#endif
	27
	28	#include "php.h"
	29	#include "ext/standard/url.h"
	30	#include "php_suhosin7.h"
	31	#include "php_variables.h"
	32
	33
	34	zend_string suhosin_encrypt_single_cookie(char name, int name_len, char value, int value_len, char key)
	35	{
	36	int l;
	37
	38	name = estrndup(name, name_len);
	39	name_len = php_url_decode(name, name_len);
	40	suhosin_normalize_varname(name);
	41	name_len = strlen(name);
	42
	43	if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name, name_len)) \|\|
	44	(SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name, name_len))) {
	45	efree(name);
	46	return zend_string_init(value, value_len, 0);
	47	}
	48
	49	value = estrndup(value, value_len);
	50	value_len = php_url_decode(value, value_len);
	51
	52	zend_string *d = suhosin_encrypt_string(value, value_len, name, name_len, key);
	53	zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
	54	zend_string_release(d);
	55	efree(name);
	56	efree(value);
	57	return d_url;
	58	}
	59
	60	char suhosin_decrypt_single_cookie(char name, int name_len, char value, int value_len, char key, char **out)
	61	{
	62	char *name2 = estrndup(name, name_len);
	63	int name2_len = php_url_decode(name2, name_len);
	64	suhosin_normalize_varname(name2);
	65	name2_len = strlen(name2);
	66
	67	if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name2, name2_len)) \|\|
	68	(SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name2, name2_len))) {
	69	// if (1) {
	70	efree(name2);
	71	memcpy(*out, name, name_len);
	72	*out += name_len;
	73	*out = '='; out +=1;
	74	memcpy(*out, value, value_len);
	75	*out += value_len;
	76	return *out;
	77	}
	78
	79	value = estrndup(value, value_len);
	80	value_len = php_url_decode(value, value_len);
	81
	82	zend_string *d = suhosin_decrypt_string(value, value_len, name2, name2_len, key, SUHOSIN7_G(cookie_checkraddr));
	83	if (d) {
	84	zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
	85	zend_string_release(d);
	86	memcpy(*out, name, name_len);
	87	*out += name_len;
	88	*out = '='; out += 1;
	89	memcpy(*out, ZSTR_VAL(d_url), ZSTR_LEN(d_url));
	90	*out += ZSTR_LEN(d_url);
	91	zend_string_release(d_url);
	92	}
	93
	94	efree(name2);
	95	efree(value);
	96
	97	return *out;
	98	}
	99
	100	/* {{{ suhosin_cookie_decryptor
	101	*/
	102	char suhosin_cookie_decryptor(char raw_cookie)
	103	{
	104	// SDEBUG("raw cookie: %s", raw_cookie);
	105	char decrypted, ret;
	106	// int j;
	107	char cryptkey[33];
	108
	109	suhosin_generate_key(SUHOSIN7_G(cookie_cryptkey), SUHOSIN7_G(cookie_cryptua), SUHOSIN7_G(cookie_cryptdocroot), SUHOSIN7_G(cookie_cryptraddr), cryptkey);
	110	SDEBUG("cryptkey=%02x.%02x.%02x", cryptkey[0], cryptkey[1], cryptkey[2]);
	111
	112	ret = decrypted = emalloc(strlen(raw_cookie)*4+1);
	113	raw_cookie = estrdup(raw_cookie);
	114	SUHOSIN7_G(raw_cookie) = estrdup(raw_cookie);
	115
	116	char *strtok_buf = NULL;
	117	char var, val;
	118	const char *separator = ";\0";
	119	for (char *var = php_strtok_r(raw_cookie, separator, &strtok_buf); var; var = php_strtok_r(NULL, separator, &strtok_buf)) {
	120	val = strchr(var, '=');
	121	while (isspace(*var)) { var++; }
	122	if (var == val \|\| *var == '\0') { continue; }
	123	if (val) {
	124	*val++ = '\0';
	125	// size_t var_len = php_url_decode(var, strlen(var));
	126	size_t var_len = strlen(var);
	127	// size_t val_len = php_url_decode(val, strlen(val));
	128	size_t val_len = strlen(val);
	129	SDEBUG("decrypting cookie \|%s\|%s\|", var, val);
	130	suhosin_decrypt_single_cookie(var, var_len, val, val_len, cryptkey, &decrypted);
	131	SDEBUG("ret is now %s", ret);
	132	*decrypted++ = ';';
	133	} else {
	134	// ??
	135	}
	136	}
	137
	138	*decrypted++ = 0;
	139	ret = erealloc(ret, decrypted-ret);
	140
	141	SUHOSIN7_G(decrypted_cookie) = ret;
	142	efree(raw_cookie);
	143
	144	return ret;
	145	}
	146	/* }}} */