Hash.php 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824
  1. <?php
  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
  3. /**
  4. * Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions.
  5. *
  6. * Uses hash() or mhash() if available and an internal implementation, otherwise. Currently supports the following:
  7. *
  8. * md2, md5, md5-96, sha1, sha1-96, sha256, sha384, and sha512
  9. *
  10. * If {@link Crypt_Hash::setKey() setKey()} is called, {@link Crypt_Hash::hash() hash()} will return the HMAC as opposed to
  11. * the hash. If no valid algorithm is provided, sha1 will be used.
  12. *
  13. * PHP versions 4 and 5
  14. *
  15. * {@internal The variable names are the same as those in
  16. * {@link http://tools.ietf.org/html/rfc2104#section-2 RFC2104}.}}
  17. *
  18. * Here's a short example of how to use this library:
  19. * <code>
  20. * <?php
  21. * include('Crypt/Hash.php');
  22. *
  23. * $hash = new Crypt_Hash('sha1');
  24. *
  25. * $hash->setKey('abcdefg');
  26. *
  27. * echo base64_encode($hash->hash('abcdefg'));
  28. * ?>
  29. * </code>
  30. *
  31. * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
  32. * of this software and associated documentation files (the "Software"), to deal
  33. * in the Software without restriction, including without limitation the rights
  34. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  35. * copies of the Software, and to permit persons to whom the Software is
  36. * furnished to do so, subject to the following conditions:
  37. *
  38. * The above copyright notice and this permission notice shall be included in
  39. * all copies or substantial portions of the Software.
  40. *
  41. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  42. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  43. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  44. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  45. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  46. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  47. * THE SOFTWARE.
  48. *
  49. * @category Crypt
  50. * @package Crypt_Hash
  51. * @author Jim Wigginton <terrafrost@php.net>
  52. * @copyright MMVII Jim Wigginton
  53. * @license http://www.opensource.org/licenses/mit-license.html MIT License
  54. * @link http://phpseclib.sourceforge.net
  55. */
  56. /**#@+
  57. * @access private
  58. * @see Crypt_Hash::Crypt_Hash()
  59. */
  60. /**
  61. * Toggles the internal implementation
  62. */
  63. define('CRYPT_HASH_MODE_INTERNAL', 1);
  64. /**
  65. * Toggles the mhash() implementation, which has been deprecated on PHP 5.3.0+.
  66. */
  67. define('CRYPT_HASH_MODE_MHASH', 2);
  68. /**
  69. * Toggles the hash() implementation, which works on PHP 5.1.2+.
  70. */
  71. define('CRYPT_HASH_MODE_HASH', 3);
  72. /**#@-*/
  73. /**
  74. * Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions.
  75. *
  76. * @author Jim Wigginton <terrafrost@php.net>
  77. * @version 0.1.0
  78. * @access public
  79. * @package Crypt_Hash
  80. */
  81. class Crypt_Hash {
  82. /**
  83. * Byte-length of compression blocks / key (Internal HMAC)
  84. *
  85. * @see Crypt_Hash::setAlgorithm()
  86. * @var Integer
  87. * @access private
  88. */
  89. var $b;
  90. /**
  91. * Byte-length of hash output (Internal HMAC)
  92. *
  93. * @see Crypt_Hash::setHash()
  94. * @var Integer
  95. * @access private
  96. */
  97. var $l = false;
  98. /**
  99. * Hash Algorithm
  100. *
  101. * @see Crypt_Hash::setHash()
  102. * @var String
  103. * @access private
  104. */
  105. var $hash;
  106. /**
  107. * Key
  108. *
  109. * @see Crypt_Hash::setKey()
  110. * @var String
  111. * @access private
  112. */
  113. var $key = false;
  114. /**
  115. * Outer XOR (Internal HMAC)
  116. *
  117. * @see Crypt_Hash::setKey()
  118. * @var String
  119. * @access private
  120. */
  121. var $opad;
  122. /**
  123. * Inner XOR (Internal HMAC)
  124. *
  125. * @see Crypt_Hash::setKey()
  126. * @var String
  127. * @access private
  128. */
  129. var $ipad;
  130. /**
  131. * Default Constructor.
  132. *
  133. * @param optional String $hash
  134. * @return Crypt_Hash
  135. * @access public
  136. */
  137. function Crypt_Hash($hash = 'sha1')
  138. {
  139. if ( !defined('CRYPT_HASH_MODE') ) {
  140. switch (true) {
  141. case extension_loaded('hash'):
  142. define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_HASH);
  143. break;
  144. case extension_loaded('mhash'):
  145. define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_MHASH);
  146. break;
  147. default:
  148. define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_INTERNAL);
  149. }
  150. }
  151. $this->setHash($hash);
  152. }
  153. /**
  154. * Sets the key for HMACs
  155. *
  156. * Keys can be of any length.
  157. *
  158. * @access public
  159. * @param optional String $key
  160. */
  161. function setKey($key = false)
  162. {
  163. $this->key = $key;
  164. }
  165. /**
  166. * Sets the hash function.
  167. *
  168. * @access public
  169. * @param String $hash
  170. */
  171. function setHash($hash)
  172. {
  173. $hash = strtolower($hash);
  174. switch ($hash) {
  175. case 'md5-96':
  176. case 'sha1-96':
  177. $this->l = 12; // 96 / 8 = 12
  178. break;
  179. case 'md2':
  180. case 'md5':
  181. $this->l = 16;
  182. break;
  183. case 'sha1':
  184. $this->l = 20;
  185. break;
  186. case 'sha256':
  187. $this->l = 32;
  188. break;
  189. case 'sha384':
  190. $this->l = 48;
  191. break;
  192. case 'sha512':
  193. $this->l = 64;
  194. }
  195. switch ($hash) {
  196. case 'md2':
  197. $mode = CRYPT_HASH_MODE == CRYPT_HASH_MODE_HASH && in_array('md2', hash_algos()) ?
  198. CRYPT_HASH_MODE_HASH : CRYPT_HASH_MODE_INTERNAL;
  199. break;
  200. case 'sha384':
  201. case 'sha512':
  202. $mode = CRYPT_HASH_MODE == CRYPT_HASH_MODE_MHASH ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE;
  203. break;
  204. default:
  205. $mode = CRYPT_HASH_MODE;
  206. }
  207. switch ( $mode ) {
  208. case CRYPT_HASH_MODE_MHASH:
  209. switch ($hash) {
  210. case 'md5':
  211. case 'md5-96':
  212. $this->hash = MHASH_MD5;
  213. break;
  214. case 'sha256':
  215. $this->hash = MHASH_SHA256;
  216. break;
  217. case 'sha1':
  218. case 'sha1-96':
  219. default:
  220. $this->hash = MHASH_SHA1;
  221. }
  222. return;
  223. case CRYPT_HASH_MODE_HASH:
  224. switch ($hash) {
  225. case 'md5':
  226. case 'md5-96':
  227. $this->hash = 'md5';
  228. return;
  229. case 'md2':
  230. case 'sha256':
  231. case 'sha384':
  232. case 'sha512':
  233. $this->hash = $hash;
  234. return;
  235. case 'sha1':
  236. case 'sha1-96':
  237. default:
  238. $this->hash = 'sha1';
  239. }
  240. return;
  241. }
  242. switch ($hash) {
  243. case 'md2':
  244. $this->b = 16;
  245. $this->hash = array($this, '_md2');
  246. break;
  247. case 'md5':
  248. case 'md5-96':
  249. $this->b = 64;
  250. $this->hash = array($this, '_md5');
  251. break;
  252. case 'sha256':
  253. $this->b = 64;
  254. $this->hash = array($this, '_sha256');
  255. break;
  256. case 'sha384':
  257. case 'sha512':
  258. $this->b = 128;
  259. $this->hash = array($this, '_sha512');
  260. break;
  261. case 'sha1':
  262. case 'sha1-96':
  263. default:
  264. $this->b = 64;
  265. $this->hash = array($this, '_sha1');
  266. }
  267. $this->ipad = str_repeat(chr(0x36), $this->b);
  268. $this->opad = str_repeat(chr(0x5C), $this->b);
  269. }
  270. /**
  271. * Compute the HMAC.
  272. *
  273. * @access public
  274. * @param String $text
  275. * @return String
  276. */
  277. function hash($text)
  278. {
  279. $mode = is_array($this->hash) ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE;
  280. if (!empty($this->key) || is_string($this->key)) {
  281. switch ( $mode ) {
  282. case CRYPT_HASH_MODE_MHASH:
  283. $output = mhash($this->hash, $text, $this->key);
  284. break;
  285. case CRYPT_HASH_MODE_HASH:
  286. $output = hash_hmac($this->hash, $text, $this->key, true);
  287. break;
  288. case CRYPT_HASH_MODE_INTERNAL:
  289. /* "Applications that use keys longer than B bytes will first hash the key using H and then use the
  290. resultant L byte string as the actual key to HMAC."
  291. -- http://tools.ietf.org/html/rfc2104#section-2 */
  292. $key = strlen($this->key) > $this->b ? call_user_func($this->hash, $this->key) : $this->key;
  293. $key = str_pad($key, $this->b, chr(0)); // step 1
  294. $temp = $this->ipad ^ $key; // step 2
  295. $temp .= $text; // step 3
  296. $temp = call_user_func($this->hash, $temp); // step 4
  297. $output = $this->opad ^ $key; // step 5
  298. $output.= $temp; // step 6
  299. $output = call_user_func($this->hash, $output); // step 7
  300. }
  301. } else {
  302. switch ( $mode ) {
  303. case CRYPT_HASH_MODE_MHASH:
  304. $output = mhash($this->hash, $text);
  305. break;
  306. case CRYPT_HASH_MODE_HASH:
  307. $output = hash($this->hash, $text, true);
  308. break;
  309. case CRYPT_HASH_MODE_INTERNAL:
  310. $output = call_user_func($this->hash, $text);
  311. }
  312. }
  313. return substr($output, 0, $this->l);
  314. }
  315. /**
  316. * Returns the hash length (in bytes)
  317. *
  318. * @access public
  319. * @return Integer
  320. */
  321. function getLength()
  322. {
  323. return $this->l;
  324. }
  325. /**
  326. * Wrapper for MD5
  327. *
  328. * @access private
  329. * @param String $m
  330. */
  331. function _md5($m)
  332. {
  333. return pack('H*', md5($m));
  334. }
  335. /**
  336. * Wrapper for SHA1
  337. *
  338. * @access private
  339. * @param String $m
  340. */
  341. function _sha1($m)
  342. {
  343. return pack('H*', sha1($m));
  344. }
  345. /**
  346. * Pure-PHP implementation of MD2
  347. *
  348. * See {@link http://tools.ietf.org/html/rfc1319 RFC1319}.
  349. *
  350. * @access private
  351. * @param String $m
  352. */
  353. function _md2($m)
  354. {
  355. static $s = array(
  356. 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
  357. 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
  358. 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
  359. 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
  360. 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
  361. 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
  362. 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
  363. 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
  364. 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
  365. 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
  366. 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
  367. 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
  368. 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
  369. 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
  370. 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
  371. 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
  372. 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
  373. 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
  374. );
  375. // Step 1. Append Padding Bytes
  376. $pad = 16 - (strlen($m) & 0xF);
  377. $m.= str_repeat(chr($pad), $pad);
  378. $length = strlen($m);
  379. // Step 2. Append Checksum
  380. $c = str_repeat(chr(0), 16);
  381. $l = chr(0);
  382. for ($i = 0; $i < $length; $i+= 16) {
  383. for ($j = 0; $j < 16; $j++) {
  384. // RFC1319 incorrectly states that C[j] should be set to S[c xor L]
  385. //$c[$j] = chr($s[ord($m[$i + $j] ^ $l)]);
  386. // per <http://www.rfc-editor.org/errata_search.php?rfc=1319>, however, C[j] should be set to S[c xor L] xor C[j]
  387. $c[$j] = chr($s[ord($m[$i + $j] ^ $l)] ^ ord($c[$j]));
  388. $l = $c[$j];
  389. }
  390. }
  391. $m.= $c;
  392. $length+= 16;
  393. // Step 3. Initialize MD Buffer
  394. $x = str_repeat(chr(0), 48);
  395. // Step 4. Process Message in 16-Byte Blocks
  396. for ($i = 0; $i < $length; $i+= 16) {
  397. for ($j = 0; $j < 16; $j++) {
  398. $x[$j + 16] = $m[$i + $j];
  399. $x[$j + 32] = $x[$j + 16] ^ $x[$j];
  400. }
  401. $t = chr(0);
  402. for ($j = 0; $j < 18; $j++) {
  403. for ($k = 0; $k < 48; $k++) {
  404. $x[$k] = $t = $x[$k] ^ chr($s[ord($t)]);
  405. //$t = $x[$k] = $x[$k] ^ chr($s[ord($t)]);
  406. }
  407. $t = chr(ord($t) + $j);
  408. }
  409. }
  410. // Step 5. Output
  411. return substr($x, 0, 16);
  412. }
  413. /**
  414. * Pure-PHP implementation of SHA256
  415. *
  416. * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}.
  417. *
  418. * @access private
  419. * @param String $m
  420. */
  421. function _sha256($m)
  422. {
  423. if (extension_loaded('suhosin')) {
  424. return pack('H*', sha256($m));
  425. }
  426. // Initialize variables
  427. $hash = array(
  428. 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
  429. );
  430. // Initialize table of round constants
  431. // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
  432. static $k = array(
  433. 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
  434. 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
  435. 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
  436. 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
  437. 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
  438. 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
  439. 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
  440. 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
  441. );
  442. // Pre-processing
  443. $length = strlen($m);
  444. // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64
  445. $m.= str_repeat(chr(0), 64 - (($length + 8) & 0x3F));
  446. $m[$length] = chr(0x80);
  447. // we don't support hashing strings 512MB long
  448. $m.= pack('N2', 0, $length << 3);
  449. // Process the message in successive 512-bit chunks
  450. $chunks = str_split($m, 64);
  451. foreach ($chunks as $chunk) {
  452. $w = array();
  453. for ($i = 0; $i < 16; $i++) {
  454. extract(unpack('Ntemp', $this->_string_shift($chunk, 4)));
  455. $w[] = $temp;
  456. }
  457. // Extend the sixteen 32-bit words into sixty-four 32-bit words
  458. for ($i = 16; $i < 64; $i++) {
  459. $s0 = $this->_rightRotate($w[$i - 15], 7) ^
  460. $this->_rightRotate($w[$i - 15], 18) ^
  461. $this->_rightShift( $w[$i - 15], 3);
  462. $s1 = $this->_rightRotate($w[$i - 2], 17) ^
  463. $this->_rightRotate($w[$i - 2], 19) ^
  464. $this->_rightShift( $w[$i - 2], 10);
  465. $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1);
  466. }
  467. // Initialize hash value for this chunk
  468. list($a, $b, $c, $d, $e, $f, $g, $h) = $hash;
  469. // Main loop
  470. for ($i = 0; $i < 64; $i++) {
  471. $s0 = $this->_rightRotate($a, 2) ^
  472. $this->_rightRotate($a, 13) ^
  473. $this->_rightRotate($a, 22);
  474. $maj = ($a & $b) ^
  475. ($a & $c) ^
  476. ($b & $c);
  477. $t2 = $this->_add($s0, $maj);
  478. $s1 = $this->_rightRotate($e, 6) ^
  479. $this->_rightRotate($e, 11) ^
  480. $this->_rightRotate($e, 25);
  481. $ch = ($e & $f) ^
  482. ($this->_not($e) & $g);
  483. $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]);
  484. $h = $g;
  485. $g = $f;
  486. $f = $e;
  487. $e = $this->_add($d, $t1);
  488. $d = $c;
  489. $c = $b;
  490. $b = $a;
  491. $a = $this->_add($t1, $t2);
  492. }
  493. // Add this chunk's hash to result so far
  494. $hash = array(
  495. $this->_add($hash[0], $a),
  496. $this->_add($hash[1], $b),
  497. $this->_add($hash[2], $c),
  498. $this->_add($hash[3], $d),
  499. $this->_add($hash[4], $e),
  500. $this->_add($hash[5], $f),
  501. $this->_add($hash[6], $g),
  502. $this->_add($hash[7], $h)
  503. );
  504. }
  505. // Produce the final hash value (big-endian)
  506. return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]);
  507. }
  508. /**
  509. * Pure-PHP implementation of SHA384 and SHA512
  510. *
  511. * @access private
  512. * @param String $m
  513. */
  514. function _sha512($m)
  515. {
  516. if (!class_exists('Math_BigInteger')) {
  517. require_once('Math/BigInteger.php');
  518. }
  519. static $init384, $init512, $k;
  520. if (!isset($k)) {
  521. // Initialize variables
  522. $init384 = array( // initial values for SHA384
  523. 'cbbb9d5dc1059ed8', '629a292a367cd507', '9159015a3070dd17', '152fecd8f70e5939',
  524. '67332667ffc00b31', '8eb44a8768581511', 'db0c2e0d64f98fa7', '47b5481dbefa4fa4'
  525. );
  526. $init512 = array( // initial values for SHA512
  527. '6a09e667f3bcc908', 'bb67ae8584caa73b', '3c6ef372fe94f82b', 'a54ff53a5f1d36f1',
  528. '510e527fade682d1', '9b05688c2b3e6c1f', '1f83d9abfb41bd6b', '5be0cd19137e2179'
  529. );
  530. for ($i = 0; $i < 8; $i++) {
  531. $init384[$i] = new Math_BigInteger($init384[$i], 16);
  532. $init384[$i]->setPrecision(64);
  533. $init512[$i] = new Math_BigInteger($init512[$i], 16);
  534. $init512[$i]->setPrecision(64);
  535. }
  536. // Initialize table of round constants
  537. // (first 64 bits of the fractional parts of the cube roots of the first 80 primes 2..409)
  538. $k = array(
  539. '428a2f98d728ae22', '7137449123ef65cd', 'b5c0fbcfec4d3b2f', 'e9b5dba58189dbbc',
  540. '3956c25bf348b538', '59f111f1b605d019', '923f82a4af194f9b', 'ab1c5ed5da6d8118',
  541. 'd807aa98a3030242', '12835b0145706fbe', '243185be4ee4b28c', '550c7dc3d5ffb4e2',
  542. '72be5d74f27b896f', '80deb1fe3b1696b1', '9bdc06a725c71235', 'c19bf174cf692694',
  543. 'e49b69c19ef14ad2', 'efbe4786384f25e3', '0fc19dc68b8cd5b5', '240ca1cc77ac9c65',
  544. '2de92c6f592b0275', '4a7484aa6ea6e483', '5cb0a9dcbd41fbd4', '76f988da831153b5',
  545. '983e5152ee66dfab', 'a831c66d2db43210', 'b00327c898fb213f', 'bf597fc7beef0ee4',
  546. 'c6e00bf33da88fc2', 'd5a79147930aa725', '06ca6351e003826f', '142929670a0e6e70',
  547. '27b70a8546d22ffc', '2e1b21385c26c926', '4d2c6dfc5ac42aed', '53380d139d95b3df',
  548. '650a73548baf63de', '766a0abb3c77b2a8', '81c2c92e47edaee6', '92722c851482353b',
  549. 'a2bfe8a14cf10364', 'a81a664bbc423001', 'c24b8b70d0f89791', 'c76c51a30654be30',
  550. 'd192e819d6ef5218', 'd69906245565a910', 'f40e35855771202a', '106aa07032bbd1b8',
  551. '19a4c116b8d2d0c8', '1e376c085141ab53', '2748774cdf8eeb99', '34b0bcb5e19b48a8',
  552. '391c0cb3c5c95a63', '4ed8aa4ae3418acb', '5b9cca4f7763e373', '682e6ff3d6b2b8a3',
  553. '748f82ee5defb2fc', '78a5636f43172f60', '84c87814a1f0ab72', '8cc702081a6439ec',
  554. '90befffa23631e28', 'a4506cebde82bde9', 'bef9a3f7b2c67915', 'c67178f2e372532b',
  555. 'ca273eceea26619c', 'd186b8c721c0c207', 'eada7dd6cde0eb1e', 'f57d4f7fee6ed178',
  556. '06f067aa72176fba', '0a637dc5a2c898a6', '113f9804bef90dae', '1b710b35131c471b',
  557. '28db77f523047d84', '32caab7b40c72493', '3c9ebe0a15c9bebc', '431d67c49c100d4c',
  558. '4cc5d4becb3e42b6', '597f299cfc657e2a', '5fcb6fab3ad6faec', '6c44198c4a475817'
  559. );
  560. for ($i = 0; $i < 80; $i++) {
  561. $k[$i] = new Math_BigInteger($k[$i], 16);
  562. }
  563. }
  564. $hash = $this->l == 48 ? $init384 : $init512;
  565. // Pre-processing
  566. $length = strlen($m);
  567. // to round to nearest 112 mod 128, we'll add 128 - (length + (128 - 112)) % 128
  568. $m.= str_repeat(chr(0), 128 - (($length + 16) & 0x7F));
  569. $m[$length] = chr(0x80);
  570. // we don't support hashing strings 512MB long
  571. $m.= pack('N4', 0, 0, 0, $length << 3);
  572. // Process the message in successive 1024-bit chunks
  573. $chunks = str_split($m, 128);
  574. foreach ($chunks as $chunk) {
  575. $w = array();
  576. for ($i = 0; $i < 16; $i++) {
  577. $temp = new Math_BigInteger($this->_string_shift($chunk, 8), 256);
  578. $temp->setPrecision(64);
  579. $w[] = $temp;
  580. }
  581. // Extend the sixteen 32-bit words into eighty 32-bit words
  582. for ($i = 16; $i < 80; $i++) {
  583. $temp = array(
  584. $w[$i - 15]->bitwise_rightRotate(1),
  585. $w[$i - 15]->bitwise_rightRotate(8),
  586. $w[$i - 15]->bitwise_rightShift(7)
  587. );
  588. $s0 = $temp[0]->bitwise_xor($temp[1]);
  589. $s0 = $s0->bitwise_xor($temp[2]);
  590. $temp = array(
  591. $w[$i - 2]->bitwise_rightRotate(19),
  592. $w[$i - 2]->bitwise_rightRotate(61),
  593. $w[$i - 2]->bitwise_rightShift(6)
  594. );
  595. $s1 = $temp[0]->bitwise_xor($temp[1]);
  596. $s1 = $s1->bitwise_xor($temp[2]);
  597. $w[$i] = $w[$i - 16]->copy();
  598. $w[$i] = $w[$i]->add($s0);
  599. $w[$i] = $w[$i]->add($w[$i - 7]);
  600. $w[$i] = $w[$i]->add($s1);
  601. }
  602. // Initialize hash value for this chunk
  603. $a = $hash[0]->copy();
  604. $b = $hash[1]->copy();
  605. $c = $hash[2]->copy();
  606. $d = $hash[3]->copy();
  607. $e = $hash[4]->copy();
  608. $f = $hash[5]->copy();
  609. $g = $hash[6]->copy();
  610. $h = $hash[7]->copy();
  611. // Main loop
  612. for ($i = 0; $i < 80; $i++) {
  613. $temp = array(
  614. $a->bitwise_rightRotate(28),
  615. $a->bitwise_rightRotate(34),
  616. $a->bitwise_rightRotate(39)
  617. );
  618. $s0 = $temp[0]->bitwise_xor($temp[1]);
  619. $s0 = $s0->bitwise_xor($temp[2]);
  620. $temp = array(
  621. $a->bitwise_and($b),
  622. $a->bitwise_and($c),
  623. $b->bitwise_and($c)
  624. );
  625. $maj = $temp[0]->bitwise_xor($temp[1]);
  626. $maj = $maj->bitwise_xor($temp[2]);
  627. $t2 = $s0->add($maj);
  628. $temp = array(
  629. $e->bitwise_rightRotate(14),
  630. $e->bitwise_rightRotate(18),
  631. $e->bitwise_rightRotate(41)
  632. );
  633. $s1 = $temp[0]->bitwise_xor($temp[1]);
  634. $s1 = $s1->bitwise_xor($temp[2]);
  635. $temp = array(
  636. $e->bitwise_and($f),
  637. $g->bitwise_and($e->bitwise_not())
  638. );
  639. $ch = $temp[0]->bitwise_xor($temp[1]);
  640. $t1 = $h->add($s1);
  641. $t1 = $t1->add($ch);
  642. $t1 = $t1->add($k[$i]);
  643. $t1 = $t1->add($w[$i]);
  644. $h = $g->copy();
  645. $g = $f->copy();
  646. $f = $e->copy();
  647. $e = $d->add($t1);
  648. $d = $c->copy();
  649. $c = $b->copy();
  650. $b = $a->copy();
  651. $a = $t1->add($t2);
  652. }
  653. // Add this chunk's hash to result so far
  654. $hash = array(
  655. $hash[0]->add($a),
  656. $hash[1]->add($b),
  657. $hash[2]->add($c),
  658. $hash[3]->add($d),
  659. $hash[4]->add($e),
  660. $hash[5]->add($f),
  661. $hash[6]->add($g),
  662. $hash[7]->add($h)
  663. );
  664. }
  665. // Produce the final hash value (big-endian)
  666. // (Crypt_Hash::hash() trims the output for hashes but not for HMACs. as such, we trim the output here)
  667. $temp = $hash[0]->toBytes() . $hash[1]->toBytes() . $hash[2]->toBytes() . $hash[3]->toBytes() .
  668. $hash[4]->toBytes() . $hash[5]->toBytes();
  669. if ($this->l != 48) {
  670. $temp.= $hash[6]->toBytes() . $hash[7]->toBytes();
  671. }
  672. return $temp;
  673. }
  674. /**
  675. * Right Rotate
  676. *
  677. * @access private
  678. * @param Integer $int
  679. * @param Integer $amt
  680. * @see _sha256()
  681. * @return Integer
  682. */
  683. function _rightRotate($int, $amt)
  684. {
  685. $invamt = 32 - $amt;
  686. $mask = (1 << $invamt) - 1;
  687. return (($int << $invamt) & 0xFFFFFFFF) | (($int >> $amt) & $mask);
  688. }
  689. /**
  690. * Right Shift
  691. *
  692. * @access private
  693. * @param Integer $int
  694. * @param Integer $amt
  695. * @see _sha256()
  696. * @return Integer
  697. */
  698. function _rightShift($int, $amt)
  699. {
  700. $mask = (1 << (32 - $amt)) - 1;
  701. return ($int >> $amt) & $mask;
  702. }
  703. /**
  704. * Not
  705. *
  706. * @access private
  707. * @param Integer $int
  708. * @see _sha256()
  709. * @return Integer
  710. */
  711. function _not($int)
  712. {
  713. return ~$int & 0xFFFFFFFF;
  714. }
  715. /**
  716. * Add
  717. *
  718. * _sha256() adds multiple unsigned 32-bit integers. Since PHP doesn't support unsigned integers and since the
  719. * possibility of overflow exists, care has to be taken. Math_BigInteger() could be used but this should be faster.
  720. *
  721. * @param Integer $...
  722. * @return Integer
  723. * @see _sha256()
  724. * @access private
  725. */
  726. function _add()
  727. {
  728. static $mod;
  729. if (!isset($mod)) {
  730. $mod = pow(2, 32);
  731. }
  732. $result = 0;
  733. $arguments = func_get_args();
  734. foreach ($arguments as $argument) {
  735. $result+= $argument < 0 ? ($argument & 0x7FFFFFFF) + 0x80000000 : $argument;
  736. }
  737. return fmod($result, $mod);
  738. }
  739. /**
  740. * String Shift
  741. *
  742. * Inspired by array_shift
  743. *
  744. * @param String $string
  745. * @param optional Integer $index
  746. * @return String
  747. * @access private
  748. */
  749. function _string_shift(&$string, $index = 1)
  750. {
  751. $substr = substr($string, 0, $index);
  752. $string = substr($string, $index);
  753. return $substr;
  754. }
  755. }