From: Stanislav Malyshev Date: Fri, 15 Jan 2010 22:13:55 +0000 (+0000) Subject: add filters to mcrypt X-Git-Tag: php-5.4.0alpha1~191^2~2078 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=632be498eb1b95192baa6c95fda1a9edd7aed902;p=php add filters to mcrypt --- diff --git a/ext/mcrypt/config.m4 b/ext/mcrypt/config.m4 index 683b260ac7..cc68d8627b 100644 --- a/ext/mcrypt/config.m4 +++ b/ext/mcrypt/config.m4 @@ -55,5 +55,5 @@ if test "$PHP_MCRYPT" != "no"; then PHP_ADD_INCLUDE($MCRYPT_DIR/include) PHP_SUBST(MCRYPT_SHARED_LIBADD) - PHP_NEW_EXTENSION(mcrypt, mcrypt.c, $ext_shared) + PHP_NEW_EXTENSION(mcrypt, mcrypt.c mcrypt_filter.c, $ext_shared) fi diff --git a/ext/mcrypt/config.w32 b/ext/mcrypt/config.w32 index 7fcf5b297e..1f89977013 100644 --- a/ext/mcrypt/config.w32 +++ b/ext/mcrypt/config.w32 @@ -8,12 +8,11 @@ if (PHP_MCRYPT != "no") { if (CHECK_HEADER_ADD_INCLUDE('mcrypt.h', 'CFLAGS_MCRYPT') && CHECK_LIB('libmcrypt_a.lib;libmcrypt.lib', 'mcrypt') && CHECK_LIB('Advapi32.lib', 'mcrypt') - ) { - EXTENSION('mcrypt', 'mcrypt.c', false); + ) { + EXTENSION('mcrypt', 'mcrypt.c mcrypt_filter.c', false); AC_DEFINE('HAVE_LIBMCRYPT', 1); AC_DEFINE('HAVE_LIBMCRYPT24', 1); } else { WARNING("mcrypt not enabled; libraries and headers not found"); } } - diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 3cf74e086f..2a6a864e2b 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -41,6 +41,7 @@ #include "php_globals.h" #include "ext/standard/info.h" #include "ext/standard/php_rand.h" +#include "php_mcrypt_filter.h" static int le_mcrypt; @@ -414,12 +415,19 @@ static PHP_MINIT_FUNCTION(mcrypt) /* {{{ */ MCRYPT_ENTRY2_2_4(MODE_OFB, "ofb"); MCRYPT_ENTRY2_2_4(MODE_STREAM, "stream"); REGISTER_INI_ENTRIES(); + + php_stream_filter_register_factory("mcrypt.*", &php_mcrypt_filter_factory TSRMLS_CC); + php_stream_filter_register_factory("mdecrypt.*", &php_mcrypt_filter_factory TSRMLS_CC); + return SUCCESS; } /* }}} */ static PHP_MSHUTDOWN_FUNCTION(mcrypt) /* {{{ */ { + php_stream_filter_unregister_factory("mcrypt.*" TSRMLS_CC); + php_stream_filter_unregister_factory("mdecrypt.*" TSRMLS_CC); + UNREGISTER_INI_ENTRIES(); return SUCCESS; } @@ -461,6 +469,7 @@ PHP_MINFO_FUNCTION(mcrypt) /* {{{ */ php_info_print_table_start(); php_info_print_table_header(2, "mcrypt support", "enabled"); + php_info_print_table_header(2, "mcrypt_filter support", "enabled"); php_info_print_table_row(2, "Version", LIBMCRYPT_VERSION); php_info_print_table_row(2, "Api No", mcrypt_api_no); php_info_print_table_row(2, "Supported ciphers", tmp1.c); diff --git a/ext/mcrypt/mcrypt_filter.c b/ext/mcrypt/mcrypt_filter.c new file mode 100644 index 0000000000..43590ee0b9 --- /dev/null +++ b/ext/mcrypt/mcrypt_filter.c @@ -0,0 +1,289 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 6 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2010 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Sara Golemon | + +----------------------------------------------------------------------+ + + $Id$ +*/ + +#include "php.h" + +#include "php_mcrypt_filter.h" +#include "php_ini.h" +#include + +typedef struct _php_mcrypt_filter_data { + MCRYPT module; + char encrypt; + int blocksize; + char *block_buffer; + int block_used; + char persistent; +} php_mcrypt_filter_data; + +static php_stream_filter_status_t php_mcrypt_filter( + php_stream *stream, + php_stream_filter *thisfilter, + php_stream_bucket_brigade *buckets_in, + php_stream_bucket_brigade *buckets_out, + size_t *bytes_consumed, + int flags TSRMLS_DC) +{ + php_mcrypt_filter_data *data; + php_stream_bucket *bucket; + size_t consumed = 0; + php_stream_filter_status_t exit_status = PSFS_FEED_ME; + + if (!thisfilter || !thisfilter->abstract) { + /* Should never happen */ + return PSFS_ERR_FATAL; + } + + data = (php_mcrypt_filter_data *)(thisfilter->abstract); + while(buckets_in->head) { + bucket = buckets_in->head; + + if (bucket->buf_type == IS_UNICODE) { + /* inflation not allowed for unicode data */ + return PSFS_ERR_FATAL; + } + + consumed += bucket->buflen; + + if (data->blocksize) { + /* Blockmode cipher */ + char *outchunk; + int chunklen = bucket->buflen + data->block_used, n; + php_stream_bucket *newbucket; + + outchunk = pemalloc(chunklen, data->persistent); + if (data->block_used) { + memcpy(outchunk, data->block_buffer, data->block_used); + } + memcpy(outchunk + data->block_used, bucket->buf.s, bucket->buflen); + + for(n=0; (n + data->blocksize) <= chunklen; n += data->blocksize) { + + if (data->encrypt) { + mcrypt_generic(data->module, outchunk + n, data->blocksize); + } else { + mdecrypt_generic(data->module, outchunk + n, data->blocksize); + } + } + data->block_used = chunklen - n; + memcpy(data->block_buffer, outchunk + n, data->block_used); + + newbucket = php_stream_bucket_new(stream, outchunk, n, 1, data->persistent TSRMLS_CC); + php_stream_bucket_append(buckets_out, newbucket TSRMLS_CC); + + exit_status = PSFS_PASS_ON; + + php_stream_bucket_unlink(bucket TSRMLS_CC); + php_stream_bucket_delref(bucket TSRMLS_CC); + } else { + /* Stream cipher */ + php_stream_bucket_make_writeable(bucket TSRMLS_CC); + if (data->encrypt) { + mcrypt_generic(data->module, bucket->buf.s, bucket->buflen); + } else { + mdecrypt_generic(data->module, bucket->buf.s, bucket->buflen); + } + php_stream_bucket_append(buckets_out, bucket TSRMLS_CC); + + exit_status = PSFS_PASS_ON; + } + } + + if ((flags & PSFS_FLAG_FLUSH_CLOSE) && data->blocksize && data->block_used) { + php_stream_bucket *newbucket; + + memset(data->block_buffer + data->block_used, 0, data->blocksize - data->block_used); + if (data->encrypt) { + mcrypt_generic(data->module, data->block_buffer, data->blocksize); + } else { + mdecrypt_generic(data->module, data->block_buffer, data->blocksize); + } + + newbucket = php_stream_bucket_new(stream, data->block_buffer, data->blocksize, 0, data->persistent TSRMLS_CC); + php_stream_bucket_append(buckets_out, newbucket TSRMLS_CC); + + exit_status = PSFS_PASS_ON; + } + + if (bytes_consumed) { + *bytes_consumed = consumed; + } + + return exit_status; +} + +static void php_mcrypt_filter_dtor(php_stream_filter *thisfilter TSRMLS_DC) +{ + if (thisfilter && thisfilter->abstract) { + php_mcrypt_filter_data *data = (php_mcrypt_filter_data*)thisfilter->abstract; + + if (data->block_buffer) { + pefree(data->block_buffer, data->persistent); + } + + mcrypt_generic_deinit(data->module); + mcrypt_module_close(data->module); + + pefree(data, data->persistent); + } +} + +static php_stream_filter_ops php_mcrypt_filter_ops = { + php_mcrypt_filter, + php_mcrypt_filter_dtor, + "mcrypt.*", + PSFO_FLAG_ACCEPTS_STRING | PSFO_FLAG_OUTPUTS_STRING +}; + +/* {{{ php_mcrypt_filter_create + * Instantiate mcrypt filter + */ +static php_stream_filter *php_mcrypt_filter_create(const char *filtername, zval *filterparams, int persistent TSRMLS_DC) +{ + int encrypt = 1, iv_len, key_len, keyl, result; + const char *cipher = filtername + sizeof("mcrypt.") - 1; + zval **tmpzval; + MCRYPT mcrypt_module; + char *iv = NULL, *key = NULL; + char *algo_dir = INI_STR("mcrypt.algorithms_dir"); + char *mode_dir = INI_STR("mcrypt.modes_dir"); + char *mode = "cbc"; + php_mcrypt_filter_data *data; + + if (strncasecmp(filtername, "mdecrypt.", sizeof("mdecrypt.") - 1) == 0) { + encrypt = 0; + cipher += sizeof("de") - 1; + } else if (strncasecmp(filtername, "mcrypt.", sizeof("mcrypt.") - 1) != 0) { + /* Should never happen */ + return NULL; + } + + if (!filterparams || Z_TYPE_P(filterparams) != IS_ARRAY) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filter parameters for %s must be an array", filtername); + return NULL; + } + + if (zend_ascii_hash_find(HASH_OF(filterparams), "mode", sizeof("mode"), (void**)&tmpzval) == SUCCESS) { + if (Z_TYPE_PP(tmpzval) == IS_STRING) { + mode = Z_STRVAL_PP(tmpzval); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "mode is not a string, ignoring"); + } + } + + if (zend_ascii_hash_find(HASH_OF(filterparams), "algorithms_dir", sizeof("algorithms_dir"), (void**)&tmpzval) == SUCCESS) { + if (Z_TYPE_PP(tmpzval) == IS_STRING) { + algo_dir = Z_STRVAL_PP(tmpzval); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "algorithms_dir is not a string, ignoring"); + } + } + + if (zend_ascii_hash_find(HASH_OF(filterparams), "modes_dir", sizeof("modes_dir"), (void**)&tmpzval) == SUCCESS) { + if (Z_TYPE_PP(tmpzval) == IS_STRING) { + mode_dir = Z_STRVAL_PP(tmpzval); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "modes_dir is not a string, ignoring"); + } + } + + if (zend_ascii_hash_find(HASH_OF(filterparams), "key", sizeof("key"), (void**)&tmpzval) == SUCCESS && + Z_TYPE_PP(tmpzval) == IS_STRING) { + key = Z_STRVAL_PP(tmpzval); + key_len = Z_STRLEN_PP(tmpzval); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "key not specified or is not a string"); + return NULL; + } + + mcrypt_module = mcrypt_module_open(cipher, algo_dir, mode, mode_dir); + if (mcrypt_module == MCRYPT_FAILED) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not open encryption module"); + return NULL; + } + iv_len = mcrypt_enc_get_iv_size(mcrypt_module); + keyl = mcrypt_enc_get_key_size(mcrypt_module); + if (keyl < key_len) { + key_len = keyl; + } + + if (zend_ascii_hash_find(HASH_OF(filterparams), "iv", sizeof("iv"), (void**) &tmpzval) == FAILURE || + Z_TYPE_PP(tmpzval) != IS_STRING) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filter parameter[iv] not provided or not of type: string"); + mcrypt_module_close(mcrypt_module); + return NULL; + } + + iv = emalloc(iv_len + 1); + if (iv_len <= Z_STRLEN_PP(tmpzval)) { + memcpy(iv, Z_STRVAL_PP(tmpzval), iv_len); + } else { + memcpy(iv, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval)); + memset(iv + Z_STRLEN_PP(tmpzval), 0, iv_len - Z_STRLEN_PP(tmpzval)); + } + + result = mcrypt_generic_init(mcrypt_module, key, key_len, iv); + efree(iv); + if (result < 0) { + switch (result) { + case -3: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Key length incorrect"); + break; + case -4: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Memory allocation error"); + break; + case -1: + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error"); + break; + } + mcrypt_module_close(mcrypt_module); + return NULL; + } + + data = pemalloc(sizeof(php_mcrypt_filter_data), persistent); + data->module = mcrypt_module; + data->encrypt = encrypt; + if (mcrypt_enc_is_block_mode(mcrypt_module)) { + data->blocksize = mcrypt_enc_get_block_size(mcrypt_module); + data->block_buffer = pemalloc(data->blocksize, persistent); + } else { + data->blocksize = 0; + data->block_buffer = NULL; + } + data->block_used = 0; + data->persistent = persistent; + + return php_stream_filter_alloc(&php_mcrypt_filter_ops, data, persistent); +} +/* }}} */ + +php_stream_filter_factory php_mcrypt_filter_factory = { + php_mcrypt_filter_create +}; + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: noet sw=4 ts=4 fdm=marker + * vim<600: noet sw=4 ts=4 + */ diff --git a/ext/mcrypt/php_mcrypt_filter.h b/ext/mcrypt/php_mcrypt_filter.h new file mode 100644 index 0000000000..4b8d3e0727 --- /dev/null +++ b/ext/mcrypt/php_mcrypt_filter.h @@ -0,0 +1,39 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 6 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2010 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Sara Golemon | + +----------------------------------------------------------------------+ + + $Id$ +*/ + +#ifndef PHP_MCRYPT_FILTER_H +#define PHP_MCRYPT_FILTER_H + +extern php_stream_filter_factory php_mcrypt_filter_factory; + +PHP_MINIT_FUNCTION(mcrypt_filter); +PHP_MSHUTDOWN_FUNCTION(mcrypt_filter); +PHP_MINFO_FUNCTION(mcrypt_filter); + +#endif /* PHP_MCRYPT_FILTER_H */ + + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * indent-tabs-mode: t + * End: + */ diff --git a/ext/mcrypt/tests/mcrypt_filters.phpt b/ext/mcrypt/tests/mcrypt_filters.phpt new file mode 100644 index 0000000000..64c71837f9 --- /dev/null +++ b/ext/mcrypt/tests/mcrypt_filters.phpt @@ -0,0 +1,41 @@ +--TEST-- +mcrypt filters +--SKIPIF-- + +--FILE-- +$iv,'key'=>$key); + +$fp = fopen($secretfile, 'wb'); +stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts); +fwrite($fp, b'Secret secret secret data'); +fclose($fp); + +echo md5_file($secretfile)."\n"; + +$fp = fopen($secretfile, 'rb'); +stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts); +$data = stream_get_contents($fp); +fclose($fp); + +echo $data."\n"; + +@unlink($secretfile); + +--EXPECTF-- +FOUND +FOUND +32e14bd3c31f2bd666e4290ebdb166a7 +Secret secret secret data