Subversion Repositories php_clientchallenge

Compare Revisions

Regard whitespace Rev 3 → Rev 4

/trunk/ClientChallenge.class.php
21,26 → 21,52
 
class ClientChallenge {
 
private static function sha3_512($password, $raw_output=false) {
private static function sha3_512($message, $raw_output=false) {
if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
return hash('sha3-512', $password, $raw_output);
return hash('sha3-512', $message, $raw_output);
} else {
return \bb\Sha3\Sha3::hash($password, 512, $raw_output);
return \bb\Sha3\Sha3::hash($message, 512, $raw_output);
}
}
 
public static function checkValidation($max_time=10) {
private static function sha3_512_hmac($message, $key, $raw_output=false) {
// RFC 2104 HMAC
if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
return hash_hmac('sha3-512', $message, $key, $raw_output);
} else {
$blocksize = 576; // block size of sha-512!
 
if (!isset($_REQUEST['vts_validation_result'])) throw new Exception('No challenge response found');
if (strlen($key) > ($blocksize/8)) {
$k_ = sha3_512($key,true);
} else {
$k_ = $key;
}
 
list($starttime, $ip_target, $challenge, $answer) = @json_decode($_REQUEST['vts_validation_result'], true);
$k_opad = str_repeat(chr(0x5C),($blocksize/8));
$k_ipad = str_repeat(chr(0x36),($blocksize/8));
for ($i=0; $i<strlen($k_); $i++) {
$k_opad[$i] = $k_opad[$i] ^ $k_[$i];
$k_ipad[$i] = $k_ipad[$i] ^ $k_[$i];
}
 
return sha3_512($k_opad . sha3_512($k_ipad . $message, true));
}
}
 
public static function checkValidation($max_time=10, $server_secret) {
 
if (!isset($_REQUEST['vts_validation_result'])) throw new \Exception('No challenge response found');
 
list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = @json_decode($_REQUEST['vts_validation_result'], true);
 
if ($ip_target != $_SERVER['REMOTE_ADDR']) {
throw new Exception('Wrong IP');
throw new \Exception('Wrong IP');
} else if (time()-$starttime > $max_time) {
throw new Exception('Challenge expired');
throw new \Exception('Challenge expired');
} else if ($challenge_integrity != self::sha3_512_hmac($challenge,$server_secret)) {
throw new \Exception('Challenge integrity failed');
} else if ($challenge !== self::sha3_512($starttime.'/'.$ip_target.'/'.$answer)) {
throw new Exception('Wrong answer');
throw new \Exception('Wrong answer');
} else {
return true;
}
47,7 → 73,7
}
 
// This is only called by ajax_get_challenge.php
public static function createChallenge($complexity=500000) {
public static function createChallenge($complexity=500000, $server_secret) {
 
$min = 0;
$max = $complexity;
60,8 → 86,10
 
$challenge = self::sha3_512($starttime.'/'.$ip_target.'/'.$random);
 
$send_to_client = array($starttime, $ip_target, $challenge, $min, $max);
$challenge_integrity = self::sha3_512_hmac($challenge,$server_secret);
 
$send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity);
 
header('Content-Type:application/json');
die(json_encode($send_to_client));
 
/trunk/ClientChallenge.js
27,10 → 27,11
var challenge = data[2];
var min = data[3];
var max = data[4];
var challenge_integrity = data[5];
for (i=min; i<=max; i++) {
if (challenge == sha3_512(starttime+"/"+ip_target+"/"+i)) {
var answer = i;
var vts_validation_result = JSON.stringify([starttime, ip_target, challenge, answer]);
var vts_validation_result = JSON.stringify([starttime, ip_target, challenge, answer, challenge_integrity]);
callback(params, vts_validation_result);
break;
}
/trunk/example/ajax_example.php
23,12 → 23,18
 
require_once __DIR__ . '/../ClientChallenge.class.php';
 
define('MAX_TIME', 10); // seconds
require_once __DIR__ . '/config.inc.php';
 
if (isset($_REQUEST['action']) && ($_REQUEST['action'] === 'add_numbers')) {
 
// Check request field "vts_validation_result" for valid response of the Challenge
\ViaThinkSoft\RateLimitingChallenge\ClientChallenge::checkValidation(MAX_TIME);
try {
\ViaThinkSoft\RateLimitingChallenge\ClientChallenge::checkValidation(MAX_TIME, VTS_CS_SERVER_SECRET);
} catch (\Exception $e) {
$res = array("error" => $e->getMessage());
header('Content-Type:application/json');
die(json_encode($res));
}
 
// Do your stuff here. Example:
$a = $_REQUEST['a'];
/trunk/example/ajax_get_challenge.php
23,6 → 23,6
 
require_once __DIR__ . '/../ClientChallenge.class.php';
 
define('COMPLEXITY', 500000);
require_once __DIR__ . '/config.inc.php';
 
\ViaThinkSoft\RateLimitingChallenge\ClientChallenge::createChallenge(COMPLEXITY);
\ViaThinkSoft\RateLimitingChallenge\ClientChallenge::createChallenge(COMPLEXITY, VTS_CS_SERVER_SECRET);
/trunk/example/config.inc.php
0,0 → 1,22
<?php
 
/*
* php_clientchallenge
* Copyright 2021 Daniel Marschall, ViaThinkSoft
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
 
define('VTS_CS_SERVER_SECRET', '1234567890'); // PLEASE CHANGE THIS VALUE TO SOMETHING RANDOM!
define('MAX_TIME', 10); // seconds
define('COMPLEXITY', 500000);
/trunk/example/index.html
28,7 → 28,12
"b": params['b']
},
success: function(data) {
if ("error" in data) {
$("#out").val('ERROR');
alert(data["error"]);
} else {
$("#out").val(data["result"]);
}
},
error: error_cb
});