Re: Cipher MI instruction (MD5 function) -- RPG400-L

I'm using this code to cipher a pwd with md5 for our php applications
running on iSeries.
If it can help you ...

H DFTACTGRP(*NO) ACTGRP('QILE') BNDDIR('QC2LE')

D EntryParms      PR                  extpgm('JYMONMQ')
D  TxtPass                      10A
D  MD5Pass                      32A
D EntryParms      PI
D  TxtPass                      10A
D  MD5Pass                      32A

 // Convert a Graphic Character String API
DCDRCVRT          PR                  extpgm('CDRCVRT')
D CCSID1                        10I 0 const
D ST1                           10I 0 const
D S1                           256    const
D L1                            10I 0 const
D CCSID2                        10I 0 const
D ST2                           10I 0 const
D GCCASN                        10I 0 const
D L2                            10I 0 const
D S2                           256
D L3                            10I 0
D L4                            10I 0
D FB                            12

 // MI functions
Dcipher           PR                  EXTPROC('_CIPHER')
D                                 *   VALUE
D                                 *   VALUE
D                                 *   VALUE
Dxlateb           PR                  EXTPROC('_XLATEB')
D                                 *   VALUE
D                                 *   VALUE
D                               10u 0 VALUE
Dcvthc            PR                  EXTPROC('cvthc')
D                                1
D                                1
D                               10i 0 VALUE

 // Cipher controls
DControls         DS
D Function                       5i 0 inz(5)
D HashAlg                        1    inz(x'00')
D Sequence                       1    inz(x'00')
D DataLngth                     10i 0 inz(10)
D Unused                         8    inz(*LOVAL)
D HashCtxPtr                      *   inz(%addr(HashWorkArea))
DHashWorkArea     S             96    inz(*LOVAL)
DReceiverPtr      S               *   inz(%addr(ReceiverHex))
DSourcePtr        S               *   inz(%addr(Password))

 // cvthc controls
DReceiverHex      S             16
DReceiverChr      S             32

 // text password
DPassword         S             10

 // conversion tables and CDRCVRT rtn flds
DTbl280           s            256
DTbl819           s            256
DL3               s             10i 0
DL4               s             10i 0
DFB               s             12

 // conversion binary - hex
d                 ds
d Bvalue                         5I 0
d   Xvalue                       1A   overlay(Bvalue:2)

 // hex upper-to-lower
d up              c                   'ABCDEF'
d lo              c                   'abcdef'

 /free

  // crea la tabella ebcdic
  for Bvalue = 0 to 255;
    %subst(Tbl280:Bvalue+1:1) = Xvalue;
  endfor;

  // ottiene la tabella di conversione in ascii
  CDRCVRT (280:0:Tbl280:256:819:0:0:256:Tbl819:L3:L4:FB);

  // imposta la password
  Password = TxtPass;
  DataLngth = %len(%trimr(Password));

  // codifica la password in ascii
  xlateb (%addr(Password):%addr(Tbl819):%size(Password));

  // calcola la MD5 per la password
  cipher (%addr(ReceiverPtr):%addr(Controls):%addr(SourcePtr));

  // converte gli hex in caratteri
  cvthc (ReceiverChr:ReceiverHex:%size(ReceiverChr));

  // ritorna la password MD5
  MD5Pass = %xlate(up:lo:ReceiverChr);

  *inlr = *on;
  return;

 /end-free


----- Original Message ----- 
From: "Yivi" <nardus@xxxxxxxxx>
To: "RPG programming on the AS400 / iSeries" <rpg400-l@xxxxxxxxxxxx>
Sent: Friday, December 23, 2005 9:13 AM
Subject: Cipher MI instruction (MD5 function)


Hi there,

I am trying to to use the MD5 function to store/check passwords, but things
aren't working as expected. Or, to put it better, they work as expected but
only once.

The second time the cipher function is invoked in the same program
execution, it will generate a MCH5601 exception, and be done with it. First
time works perfectly, but the second will always fail.

I declare the procedures I am using:

Dcvthc PR EXTPROC('cvthc')
D 1
D 1
D 10i 0 VALUE

DCipher PR EXTPROC('_CIPHER')
D * VALUE
D * VALUE
D * VALUE
I declare the control ds and work variables (as seen in
http://archive.midrange.com/midrange-l/200006/msg01334.html)

DControls     DS
D Function      5i  0 inz(5)
D HashAlg       1     inz(x'00')
D Sequence      1     inz(x'00')
D DataLngth     10i 0
D Unused        8     inz(*LOVAL)
D HashCtxPtr    *     inz(%addr(HashWorkArea))
DHashWorkArea S 96    inz(*LOVAL)
DDestinoHex   S 16
DDestinoChr   S 32
DDestinoPtr   S *     inz(%addr(DestinoHex))
DFuentePtr    S *     inz(%addr(Fuente))
DFuente       S 8
I check against user provided password (CONTRA) against the one stored (
USER.CONTRA, already stored in DB)

dow CONTRA <> USER.CONTRA;
  exFmt AskForPass;
  fuente    = CONTRA;
  DataLngth = %len(%trimr(fuente));
  Cipher(%addr(DestinoPtr) : %addr(Controls) : %addr(FuentePtr));
  CVTHC(DestinoChr : DestinoHex :%size(DestinoChr));
endDo;

If the user puts his/her password correctly in the first attempt, things go
on and everything is nice. Otherwise, he gets another chance, and then the
program will fail (right or wrong password, it doesn't matter) giving error
message MCH5601, reason code X'0000'.

I tried to find clues at
http://publib.boulder.ibm.com/iseries/v5r1/ic2924/tstudio/tech_ref/mi/CIPHER.htm
but
it didn't help.

Anyone has a deeper insight on this?

Regards,

I.-