#!/usr/bin/php -q
<?php
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $
//--------------------------------------------------------------------------------
//sitehashkeygen.php--Generates FboPrime Cryptographic Hash Key
//Copyright (C) 2006 David T. Ashley
//
//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.
//
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------------
//Length of the generated site hash key, in characters.
define('SITEHASHKEYGEN_KEYNUMCHARS', 200);
//
//How many key characters are placed on each line of the generated
//include file.
define('SITEHASHKEYGEN_KEYNUMCHARSPERLINE', 50);
//
//Name of the file the key is written to.
//
//NOTE(review): a web server normally serves a .inc file as plain text unless
//it is configured to execute or deny that extension. If this file ends up
//under the document root, the key could be fetched directly--confirm the
//install location or the server configuration.
define('SITEHASHKEYGEN_OUTPUTFILENAME', 'sitehashkey.inc');
//
//--------------------------------------------------------------------------------
//Returns the CVS Header keyword string that identifies this revision of the
//script.
//
//The value is a constant for a given revision and is readable by anyone who
//has the source, so it adds no unpredictability to data it is mixed into.
//
function vc_info()
{
    $header = "\$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $";

    return $header;
}
//--------------------------------------------------------------------------------
//Writes the fixed head of the generated include file to $handle: the opening
//PHP tag, an explanatory comment block, the generation timestamp, and the
//start of the define() statement up to and including the opening quote of
//the key string.
//
//$handle is an open, writable stream. Nothing is returned, and the results
//of the individual fwrite() calls are not examined.
//
//The comment block written here asks the operator to restrict who can read
//the file; this function does not set any permissions itself.
//
function write_preamble($handle)
{
    $fixed_lines = array(
        "<?php\n",
        "//This PHP include file contains the FboPrime site hash key. This key is\n",
        "//normally automatically generated at the time the software is set up.\n",
        "//This key can be edited by hand safely--it is just an ordinary string of\n",
        "//arbitrary length. However, if it is manually edited, it should be\n",
        "//edited only at the time the system is set up. Modifying this key on a\n",
        "//working system will invalidate every user password and may have other ill\n",
        "//effects as well.\n",
        "//\n",
        "//Permissions on this file should be set so that FboPrime users cannot view\n",
        "//its contents (it should be private to the Apache server). If FboPrime\n",
        "//users can view this key, it may enable some security attacks on the\n",
        "//FboPrime software (as users may be able to forge some data).\n",
        "//\n",
        "//Generating program: \$RCSfile: sitehashkeygen.php,v $\n",
        "//Generating program CVS revision: \$Revision: 1.7 $\n",
        "//Generating program CVS revision date: \$Date: 2006/02/05 19:13:37 $\n",
    );

    foreach ($fixed_lines as $line)
    {
        fwrite($handle, $line);
    }

    //The letters "UTC" are escaped so date() prints them literally; they are
    //followed by the offset that date("O") reports.
    $generated_at = date("d-M-Y H:i:s (\U\T\C O)");
    fwrite($handle, "//Time of key generation: " . $generated_at . "\n");
    fwrite($handle, "//------------------------------------------------------------------------------------------\n");

    //Leave the define() and its string literal open; write_key() supplies the
    //key text and write_postamble() closes both.
    fwrite($handle, "define(\"SITEHASHKEY_SITEHASHKEY\", \"");
}
//--------------------------------------------------------------------------------
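//Generates the site hash key and writes it to $handle as the body of a
//double-quoted PHP string literal.
//
//Every character of the key is chosen with random_int(), which draws from
//the operating system's cryptographically secure random source (requires
//PHP 7.0 or later). The previous implementation built the key from md5()
//over microtime(), date() and rand() output. Clock readings and the date
//can be estimated by anyone who knows roughly when the key was generated,
//rand() is not a cryptographic generator, and the version-control string
//that seeded the hash is public, so none of those inputs are used here.
//
//The key is SITEHASHKEYGEN_KEYNUMCHARS characters long. It is written in
//runs of SITEHASHKEYGEN_KEYNUMCHARSPERLINE characters, each run joined to
//the next by a PHP string concatenation on a new line.
//
//$handle is an open, writable stream. Nothing is returned. random_int()
//throws when no secure random source is available; that is left uncaught so
//that no key is written in that situation.
//
function write_key($handle)
{
    //Alphabet for the key. It contains no double quote, backslash or dollar
    //sign, so the key needs no escaping inside the double-quoted literal it
    //is written into.
    $allowed_chars = "0123456789"
                   . "abcdefghijklmnopqrstuvwxyz"
                   . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                   . "_=+-*/()[]<>;:.,?";
    $last_index = strlen($allowed_chars) - 1;

    //random_int() returns uniformly distributed integers over the closed
    //range, so every alphabet character is equally likely at every position.
    $key_out = "";
    for ($i = 0; $i < SITEHASHKEYGEN_KEYNUMCHARS; $i++)
    {
        $key_out .= $allowed_chars[random_int(0, $last_index)];
    }

    //Break the key into fixed-width runs. The separator closes the current
    //literal, adds the concatenation operator and a newline, and reopens the
    //literal; it appears only between runs, never after the last one.
    $runs = str_split($key_out, SITEHASHKEYGEN_KEYNUMCHARSPERLINE);
    fwrite($handle, implode("\" .\n \"", $runs));
}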
//--------------------------------------------------------------------------------
//Finishes the generated include file: closes the key's string literal and
//the define() call that write_preamble() opened, then writes the closing
//PHP tag.
//
//$handle is an open, writable stream. Nothing is returned.
//
function write_postamble($handle)
{
    $closing_lines = array(
        "\" );\n",
        "?>\n",
    );

    foreach ($closing_lines as $line)
    {
        fwrite($handle, $line);
    }
}
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
//------ M A I N S C R I P T ------------------------------------------------
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
//Decide where the key file goes. With no command-line argument it is
//created in the working directory; with exactly one, that argument is the
//directory to create it in. Any other argument count is an error.
switch ($argc)
{
    case 1:
        //No argument: the bare file name, relative to the working directory.
        $outputfilename = (string) SITEHASHKEYGEN_OUTPUTFILENAME;
        break;

    case 2:
        //One argument: treat it as the target directory.
        $outputfilepath = (string) $argv[1];

        //Make sure the directory ends in a slash before the name is appended.
        if (substr($outputfilepath, -1) != "/")
        {
            $outputfilepath .= "/";
        }

        $outputfilename = $outputfilepath . SITEHASHKEYGEN_OUTPUTFILENAME;
        break;

    default:
        //Wrong number of parameters.
        echo "Wrong number of parameters to script.\n";
        exit(1);
}

//Open the output file for writing.
//
//NOTE(review): mode "w" truncates any file already at this path. The header
//written into the file says that changing the key on a working system
//invalidates every user password, so confirm no live key is at this path
//before re-running.
//
//NOTE(review): nothing here restricts the new file's permissions; it gets
//whatever the process umask allows. The generated header asks that the file
//be private to the web server, so check its mode and owner afterwards.
$handle = fopen($outputfilename, "w");
if ($handle === FALSE)
{
    echo "File open failure.\n";
    exit(1);
}

//Emit the file in three parts: everything before the key, the key itself,
//and everything after it. None of the three calls reports a write failure.
write_preamble($handle);
write_key($handle);
write_postamble($handle);

//Close the file; a failure here can mean buffered data never reached disk.
if (fclose($handle) === FALSE)
{
    echo "File close failure.\n";
    exit(1);
}

//Success. In the usual Unix manner nothing is printed; silence means OK.
exit(0);
//
//--------------------------------------------------------------------------------
//$Log: sitehashkeygen.php,v $
//Revision 1.7 2006/02/05 19:13:37 dashley
//Documentation tweaks.
//
//Revision 1.6 2006/02/05 19:07:18 dashley
//Path to include file added as command-line parameter to script. Script
//now also checks for wrong number of command-line parameters.
//
//Revision 1.5 2006/02/05 18:34:12 dashley
//Enhancements to randomness.
//
//Revision 1.4 2006/02/05 18:12:17 dashley
//Checkin to exercise keyword expansion.
//
//Revision 1.3 2006/02/05 08:50:40 dashley
//Edits.
//
//Revision 1.2 2006/02/05 08:11:24 dashley
//Edits.
//
//Revision 1.1 2006/02/05 06:52:59 dashley
//Initial checkin.
//--------------------------------------------------------------------------------
?>