21,26 → 21,52 |
|
class ClientChallenge { |
|
private static function sha3_512($password, $raw_output=false) { |
private static function sha3_512($message, $raw_output=false) { |
if (version_compare(PHP_VERSION, '7.1.0') >= 0) { |
return hash('sha3-512', $password, $raw_output); |
return hash('sha3-512', $message, $raw_output); |
} else { |
return \bb\Sha3\Sha3::hash($password, 512, $raw_output); |
return \bb\Sha3\Sha3::hash($message, 512, $raw_output); |
} |
} |
|
public static function checkValidation($max_time=10) { |
private static function sha3_512_hmac($message, $key, $raw_output=false) { |
// RFC 2104 HMAC |
if (version_compare(PHP_VERSION, '7.1.0') >= 0) { |
return hash_hmac('sha3-512', $message, $key, $raw_output); |
} else { |
$blocksize = 576; // block size of sha-512! |
|
if (!isset($_REQUEST['vts_validation_result'])) throw new Exception('No challenge response found'); |
if (strlen($key) > ($blocksize/8)) { |
$k_ = sha3_512($key,true); |
} else { |
$k_ = $key; |
} |
|
list($starttime, $ip_target, $challenge, $answer) = @json_decode($_REQUEST['vts_validation_result'], true); |
$k_opad = str_repeat(chr(0x5C),($blocksize/8)); |
$k_ipad = str_repeat(chr(0x36),($blocksize/8)); |
for ($i=0; $i<strlen($k_); $i++) { |
$k_opad[$i] = $k_opad[$i] ^ $k_[$i]; |
$k_ipad[$i] = $k_ipad[$i] ^ $k_[$i]; |
} |
|
return sha3_512($k_opad . sha3_512($k_ipad . $message, true)); |
} |
} |
|
public static function checkValidation($max_time=10, $server_secret) { |
|
if (!isset($_REQUEST['vts_validation_result'])) throw new \Exception('No challenge response found'); |
|
list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = @json_decode($_REQUEST['vts_validation_result'], true); |
|
if ($ip_target != $_SERVER['REMOTE_ADDR']) { |
throw new Exception('Wrong IP'); |
throw new \Exception('Wrong IP'); |
} else if (time()-$starttime > $max_time) { |
throw new Exception('Challenge expired'); |
throw new \Exception('Challenge expired'); |
} else if ($challenge_integrity != self::sha3_512_hmac($challenge,$server_secret)) { |
throw new \Exception('Challenge integrity failed'); |
} else if ($challenge !== self::sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
throw new Exception('Wrong answer'); |
throw new \Exception('Wrong answer'); |
} else { |
return true; |
} |
47,7 → 73,7 |
} |
|
// This is only called by ajax_get_challenge.php |
public static function createChallenge($complexity=500000) { |
public static function createChallenge($complexity=500000, $server_secret) { |
|
$min = 0; |
$max = $complexity; |
60,8 → 86,10 |
|
$challenge = self::sha3_512($starttime.'/'.$ip_target.'/'.$random); |
|
$send_to_client = array($starttime, $ip_target, $challenge, $min, $max); |
$challenge_integrity = self::sha3_512_hmac($challenge,$server_secret); |
|
$send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity); |
|
header('Content-Type:application/json'); |
die(json_encode($send_to_client)); |
|