add filters to mcrypt

diff --git a/ext/mcrypt/config.m4 b/ext/mcrypt/config.m4
index 683b260ac7832d90643174a859dad8e82d847899..cc68d8627ba544d606c3614886262baedd02f957 100644 (file)
--- a/ext/mcrypt/config.m4
+++ b/ext/mcrypt/config.m4
@@ -55,5 +55,5 @@ if test "$PHP_MCRYPT" != "no"; then
   PHP_ADD_INCLUDE($MCRYPT_DIR/include)
 
   PHP_SUBST(MCRYPT_SHARED_LIBADD)
-  PHP_NEW_EXTENSION(mcrypt, mcrypt.c, $ext_shared)
+  PHP_NEW_EXTENSION(mcrypt, mcrypt.c mcrypt_filter.c, $ext_shared)
 fi

diff --git a/ext/mcrypt/config.w32 b/ext/mcrypt/config.w32
index 7fcf5b297e46ca1fa4ca7918992373326a234ba4..1f899770133c4fd21c28ad8486c9630b69d930cc 100644 (file)
--- a/ext/mcrypt/config.w32
+++ b/ext/mcrypt/config.w32
@@ -8,12 +8,11 @@ if (PHP_MCRYPT != "no") {
        if (CHECK_HEADER_ADD_INCLUDE('mcrypt.h', 'CFLAGS_MCRYPT') &&
                        CHECK_LIB('libmcrypt_a.lib;libmcrypt.lib', 'mcrypt') &&
                        CHECK_LIB('Advapi32.lib', 'mcrypt')
-               ) {
-               EXTENSION('mcrypt', 'mcrypt.c', false);
+                       ) {
+               EXTENSION('mcrypt', 'mcrypt.c mcrypt_filter.c', false);
                AC_DEFINE('HAVE_LIBMCRYPT', 1);
                AC_DEFINE('HAVE_LIBMCRYPT24', 1);
        } else {
                WARNING("mcrypt not enabled; libraries and headers not found");
        }
 }
-

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 3cf74e086f6f129f8601e6f1b48443ca8758a33c..2a6a864e2b66a3cbf0fa78d787e967a645586e6c 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -41,6 +41,7 @@
 #include "php_globals.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_rand.h"
+#include "php_mcrypt_filter.h"
 
 static int le_mcrypt;
 
@@ -414,12 +415,19 @@ static PHP_MINIT_FUNCTION(mcrypt) /* {{{ */
        MCRYPT_ENTRY2_2_4(MODE_OFB, "ofb");
        MCRYPT_ENTRY2_2_4(MODE_STREAM, "stream");
        REGISTER_INI_ENTRIES();
+
+       php_stream_filter_register_factory("mcrypt.*", &php_mcrypt_filter_factory TSRMLS_CC);
+       php_stream_filter_register_factory("mdecrypt.*", &php_mcrypt_filter_factory TSRMLS_CC);
+
        return SUCCESS;
 }
 /* }}} */
 
 static PHP_MSHUTDOWN_FUNCTION(mcrypt) /* {{{ */
 {
+       php_stream_filter_unregister_factory("mcrypt.*" TSRMLS_CC);
+       php_stream_filter_unregister_factory("mdecrypt.*" TSRMLS_CC);
+
        UNREGISTER_INI_ENTRIES();
        return SUCCESS;
 }
@@ -461,6 +469,7 @@ PHP_MINFO_FUNCTION(mcrypt) /* {{{ */
 
        php_info_print_table_start();
        php_info_print_table_header(2, "mcrypt support", "enabled");
+       php_info_print_table_header(2, "mcrypt_filter support", "enabled");
        php_info_print_table_row(2, "Version", LIBMCRYPT_VERSION);
        php_info_print_table_row(2, "Api No", mcrypt_api_no);
        php_info_print_table_row(2, "Supported ciphers", tmp1.c);

diff --git a/ext/mcrypt/mcrypt_filter.c b/ext/mcrypt/mcrypt_filter.c
new file mode 100644 (file)
index 0000000..43590ee
--- /dev/null
+++ b/ext/mcrypt/mcrypt_filter.c
@@ -0,0 +1,289 @@
+/*
+  +----------------------------------------------------------------------+
+  | PHP Version 6                                                        |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 1997-2010 The PHP Group                                |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author: Sara Golemon <pollita@php.net>                               |
+  +----------------------------------------------------------------------+
+
+  $Id$ 
+*/
+
+#include "php.h"
+
+#include "php_mcrypt_filter.h"
+#include "php_ini.h"
+#include <mcrypt.h>
+
+typedef struct _php_mcrypt_filter_data {
+       MCRYPT module;
+       char encrypt;
+       int blocksize;
+       char *block_buffer;
+       int block_used;
+       char persistent;
+} php_mcrypt_filter_data;
+
+static php_stream_filter_status_t php_mcrypt_filter(
+       php_stream *stream,
+       php_stream_filter *thisfilter,
+       php_stream_bucket_brigade *buckets_in,
+       php_stream_bucket_brigade *buckets_out,
+       size_t *bytes_consumed,
+       int flags TSRMLS_DC)
+{
+       php_mcrypt_filter_data *data;
+       php_stream_bucket *bucket;
+       size_t consumed = 0;
+       php_stream_filter_status_t exit_status = PSFS_FEED_ME;
+
+       if (!thisfilter || !thisfilter->abstract) {
+               /* Should never happen */
+               return PSFS_ERR_FATAL;
+       }
+
+       data = (php_mcrypt_filter_data *)(thisfilter->abstract);
+       while(buckets_in->head) {
+               bucket = buckets_in->head;
+
+               if (bucket->buf_type == IS_UNICODE) {
+                       /* inflation not allowed for unicode data */
+                       return PSFS_ERR_FATAL;
+               }
+
+               consumed += bucket->buflen;
+
+               if (data->blocksize) {
+                       /* Blockmode cipher */
+                       char *outchunk;
+                       int chunklen = bucket->buflen + data->block_used, n;
+                       php_stream_bucket *newbucket;
+
+                       outchunk = pemalloc(chunklen, data->persistent);
+                       if (data->block_used) {
+                               memcpy(outchunk, data->block_buffer, data->block_used);
+                       }
+                       memcpy(outchunk + data->block_used, bucket->buf.s, bucket->buflen);
+
+                       for(n=0; (n + data->blocksize) <= chunklen; n += data->blocksize) {
+
+                               if (data->encrypt) {
+                                       mcrypt_generic(data->module, outchunk + n, data->blocksize);
+                               } else {
+                                       mdecrypt_generic(data->module, outchunk + n, data->blocksize);
+                               }
+                       }
+                       data->block_used = chunklen - n;
+                       memcpy(data->block_buffer, outchunk + n, data->block_used);
+
+                       newbucket = php_stream_bucket_new(stream, outchunk, n, 1, data->persistent TSRMLS_CC);
+                       php_stream_bucket_append(buckets_out, newbucket TSRMLS_CC);
+
+                       exit_status = PSFS_PASS_ON;
+
+                       php_stream_bucket_unlink(bucket TSRMLS_CC);
+                       php_stream_bucket_delref(bucket TSRMLS_CC);
+               } else {
+                       /* Stream cipher */
+                       php_stream_bucket_make_writeable(bucket TSRMLS_CC);
+                       if (data->encrypt) {
+                               mcrypt_generic(data->module, bucket->buf.s, bucket->buflen);
+                       } else {
+                               mdecrypt_generic(data->module, bucket->buf.s, bucket->buflen);
+                       }
+                       php_stream_bucket_append(buckets_out, bucket TSRMLS_CC);
+
+                       exit_status = PSFS_PASS_ON;
+               }
+       }
+
+       if ((flags & PSFS_FLAG_FLUSH_CLOSE) && data->blocksize && data->block_used) {
+               php_stream_bucket *newbucket;
+
+               memset(data->block_buffer + data->block_used, 0, data->blocksize - data->block_used);
+               if (data->encrypt) {
+                       mcrypt_generic(data->module, data->block_buffer, data->blocksize);
+               } else {
+                       mdecrypt_generic(data->module, data->block_buffer, data->blocksize);
+               }
+
+               newbucket = php_stream_bucket_new(stream, data->block_buffer, data->blocksize, 0, data->persistent TSRMLS_CC);
+               php_stream_bucket_append(buckets_out, newbucket TSRMLS_CC);
+
+               exit_status = PSFS_PASS_ON;
+       }
+
+       if (bytes_consumed) {
+               *bytes_consumed = consumed;
+       }
+
+       return exit_status;
+}
+
+static void php_mcrypt_filter_dtor(php_stream_filter *thisfilter TSRMLS_DC)
+{
+       if (thisfilter && thisfilter->abstract) {
+               php_mcrypt_filter_data *data = (php_mcrypt_filter_data*)thisfilter->abstract;
+
+               if (data->block_buffer) {
+                       pefree(data->block_buffer, data->persistent);
+               }
+
+               mcrypt_generic_deinit(data->module);
+               mcrypt_module_close(data->module);
+
+               pefree(data, data->persistent);
+       }
+}
+
+static php_stream_filter_ops php_mcrypt_filter_ops = {
+    php_mcrypt_filter,
+    php_mcrypt_filter_dtor,
+    "mcrypt.*",
+       PSFO_FLAG_ACCEPTS_STRING | PSFO_FLAG_OUTPUTS_STRING
+};
+
+/* {{{ php_mcrypt_filter_create
+ * Instantiate mcrypt filter
+ */
+static php_stream_filter *php_mcrypt_filter_create(const char *filtername, zval *filterparams, int persistent TSRMLS_DC)
+{
+       int encrypt = 1, iv_len, key_len, keyl, result;
+       const char *cipher = filtername + sizeof("mcrypt.") - 1;
+       zval **tmpzval;
+       MCRYPT mcrypt_module;
+       char *iv = NULL, *key = NULL;
+       char *algo_dir = INI_STR("mcrypt.algorithms_dir");
+       char *mode_dir = INI_STR("mcrypt.modes_dir");
+       char *mode = "cbc";
+       php_mcrypt_filter_data *data;
+
+       if (strncasecmp(filtername, "mdecrypt.", sizeof("mdecrypt.") - 1) == 0) {
+               encrypt = 0;
+               cipher += sizeof("de") - 1;
+       } else if (strncasecmp(filtername, "mcrypt.", sizeof("mcrypt.") - 1) != 0) {
+               /* Should never happen */
+               return NULL;
+       }
+
+       if (!filterparams || Z_TYPE_P(filterparams) != IS_ARRAY) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filter parameters for %s must be an array", filtername);
+               return NULL;
+       }
+
+       if (zend_ascii_hash_find(HASH_OF(filterparams), "mode", sizeof("mode"), (void**)&tmpzval) == SUCCESS) {
+               if (Z_TYPE_PP(tmpzval) == IS_STRING) {
+                       mode = Z_STRVAL_PP(tmpzval);
+               } else {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "mode is not a string, ignoring");
+               }
+       }
+
+       if (zend_ascii_hash_find(HASH_OF(filterparams), "algorithms_dir", sizeof("algorithms_dir"), (void**)&tmpzval) == SUCCESS) {
+               if (Z_TYPE_PP(tmpzval) == IS_STRING) {
+                       algo_dir = Z_STRVAL_PP(tmpzval);
+               } else {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "algorithms_dir is not a string, ignoring");
+               }
+       }
+
+       if (zend_ascii_hash_find(HASH_OF(filterparams), "modes_dir", sizeof("modes_dir"), (void**)&tmpzval) == SUCCESS) {
+               if (Z_TYPE_PP(tmpzval) == IS_STRING) {
+                       mode_dir = Z_STRVAL_PP(tmpzval);
+               } else {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "modes_dir is not a string, ignoring");
+               }
+       }
+
+       if (zend_ascii_hash_find(HASH_OF(filterparams), "key", sizeof("key"), (void**)&tmpzval) == SUCCESS &&
+               Z_TYPE_PP(tmpzval) == IS_STRING) {
+               key = Z_STRVAL_PP(tmpzval);
+               key_len = Z_STRLEN_PP(tmpzval);
+       } else {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "key not specified or is not a string");
+               return NULL;
+       }
+
+       mcrypt_module = mcrypt_module_open(cipher, algo_dir, mode, mode_dir);
+       if (mcrypt_module == MCRYPT_FAILED) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not open encryption module");
+               return NULL;
+       }
+       iv_len = mcrypt_enc_get_iv_size(mcrypt_module);
+       keyl = mcrypt_enc_get_key_size(mcrypt_module);
+       if (keyl < key_len) {
+               key_len = keyl;
+       }
+
+       if (zend_ascii_hash_find(HASH_OF(filterparams), "iv", sizeof("iv"), (void**) &tmpzval) == FAILURE ||
+               Z_TYPE_PP(tmpzval) != IS_STRING) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filter parameter[iv] not provided or not of type: string");
+               mcrypt_module_close(mcrypt_module);
+               return NULL;
+       }
+
+       iv = emalloc(iv_len + 1);
+       if (iv_len <= Z_STRLEN_PP(tmpzval)) {
+               memcpy(iv, Z_STRVAL_PP(tmpzval), iv_len);
+       } else {
+               memcpy(iv, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
+               memset(iv + Z_STRLEN_PP(tmpzval), 0, iv_len - Z_STRLEN_PP(tmpzval));
+       }
+
+       result = mcrypt_generic_init(mcrypt_module, key, key_len, iv);
+       efree(iv);
+       if (result < 0) {
+               switch (result) {
+                       case -3:
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key length incorrect");
+                               break;
+                       case -4:
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Memory allocation error");
+                               break;
+                       case -1:
+                       default:
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error");
+                               break;
+               }
+               mcrypt_module_close(mcrypt_module);
+               return NULL;
+       }
+
+       data = pemalloc(sizeof(php_mcrypt_filter_data), persistent);
+       data->module = mcrypt_module;
+       data->encrypt = encrypt;
+       if (mcrypt_enc_is_block_mode(mcrypt_module)) {
+               data->blocksize = mcrypt_enc_get_block_size(mcrypt_module);
+               data->block_buffer = pemalloc(data->blocksize, persistent);
+       } else {
+               data->blocksize = 0;
+               data->block_buffer = NULL;
+       }
+       data->block_used = 0;
+       data->persistent = persistent;
+
+       return php_stream_filter_alloc(&php_mcrypt_filter_ops, data, persistent);
+}
+/* }}} */
+
+php_stream_filter_factory php_mcrypt_filter_factory = {
+       php_mcrypt_filter_create
+};
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noet sw=4 ts=4 fdm=marker
+ * vim<600: noet sw=4 ts=4
+ */

diff --git a/ext/mcrypt/php_mcrypt_filter.h b/ext/mcrypt/php_mcrypt_filter.h
new file mode 100644 (file)
index 0000000..4b8d3e0
--- /dev/null
+++ b/ext/mcrypt/php_mcrypt_filter.h
@@ -0,0 +1,39 @@
+/*
+  +----------------------------------------------------------------------+
+  | PHP Version 6                                                        |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 1997-2010 The PHP Group                                |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author: Sara Golemon <pollita@php.net>                               |
+  +----------------------------------------------------------------------+
+
+  $Id$ 
+*/
+
+#ifndef PHP_MCRYPT_FILTER_H
+#define PHP_MCRYPT_FILTER_H
+
+extern php_stream_filter_factory php_mcrypt_filter_factory;
+
+PHP_MINIT_FUNCTION(mcrypt_filter);
+PHP_MSHUTDOWN_FUNCTION(mcrypt_filter);
+PHP_MINFO_FUNCTION(mcrypt_filter);
+
+#endif /* PHP_MCRYPT_FILTER_H */
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * indent-tabs-mode: t
+ * End:
+ */

diff --git a/ext/mcrypt/tests/mcrypt_filters.phpt b/ext/mcrypt/tests/mcrypt_filters.phpt
new file mode 100644 (file)
index 0000000..64c7183
--- /dev/null
+++ b/ext/mcrypt/tests/mcrypt_filters.phpt
@@ -0,0 +1,41 @@
+--TEST--
+mcrypt filters
+--SKIPIF--
+<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
+--FILE--
+<?php
+foreach (stream_get_filters() as $f) {
+       if ($f == "mcrypt.*" || $f == "mdecrypt.*") {
+          echo "FOUND\n";
+       }
+}
+
+$secretfile = 'secert-file.tmp';
+$passphrase = 'My secret';
+
+$iv = substr(md5('iv'.$passphrase, true), 0, 8);
+$key = substr(md5('pass1'.$passphrase, true) . 
+               md5('pass2'.$passphrase, true), 0, 24);
+$opts = array('iv'=>$iv,'key'=>$key);
+
+$fp = fopen($secretfile, 'wb');
+stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
+fwrite($fp, b'Secret secret secret data');
+fclose($fp);
+
+echo md5_file($secretfile)."\n";
+
+$fp = fopen($secretfile, 'rb');
+stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
+$data = stream_get_contents($fp);
+fclose($fp);
+
+echo $data."\n";
+
+@unlink($secretfile);
+
+--EXPECTF--
+FOUND
+FOUND
+32e14bd3c31f2bd666e4290ebdb166a7
+Secret secret secret data