Rev 622 | Rev 711 | ||
---|---|---|---|
Line 56... | Line 56... | ||
56 | // ATTENTION!!! If a pepper is used, then the |
56 | // ATTENTION!!! If a pepper is used, then the |
57 | // hashes are bound to that pepper. If you change the pepper, |
57 | // hashes are bound to that pepper. If you change the pepper, |
58 | // then ALL passwords of RAs become INVALID! |
58 | // then ALL passwords of RAs become INVALID! |
59 | $pepper = OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER',''); |
59 | $pepper = OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER',''); |
60 | if ($pepper !== '') { |
60 | if ($pepper !== '') { |
- | 61 | $algo = OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER_ALGO','sha512'); // sha512 works with PHP 7.0 |
|
- | 62 | if (strtolower($algo) === 'sha3-512') { |
|
61 | // sha512 works with PHP 7.0 |
63 | $hmac = sha3_512_hmac($password, $pepper); |
- | 64 | } else { |
|
62 | $hmac = hash_hmac('sha512', $password, $pepper); |
65 | $hmac = hash_hmac($algo, $password, $pepper); |
- | 66 | } |
|
63 | if ($hmac === false) throw new OIDplusException(_L('HMAC failed')); /** @phpstan-ignore-line */ |
67 | if ($hmac === false) throw new OIDplusException(_L('HMAC failed')); /** @phpstan-ignore-line */ |
64 | return $hmac; |
68 | return $hmac; |
65 | } else { |
69 | } else { |
66 | return $password; |
70 | return $password; |
67 | } |
71 | } |
Line 307... | Line 311... | ||
307 | } |
311 | } |
308 | 312 | ||
309 | // Authentication keys for validating arguments (e.g. sent by mail) |
313 | // Authentication keys for validating arguments (e.g. sent by mail) |
310 | 314 | ||
311 | public static function makeAuthKey($data) { |
315 | public static function makeAuthKey($data) { |
312 | $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . '/AUTHKEY/' . $data; |
316 | return sha3_512_hmac($data, 'authkey:'.OIDplus::baseConfig()->getValue('SERVER_SECRET'), false); |
313 | $calc_authkey = sha3_512($data, false); |
- | |
314 | return $calc_authkey; |
- | |
315 | } |
317 | } |
316 | 318 | ||
317 | public static function validateAuthKey($data, $auth_key) { |
319 | public static function validateAuthKey($data, $auth_key) { |
318 | return hash_equals(self::makeAuthKey($data), $auth_key); |
320 | return hash_equals(self::makeAuthKey($data), $auth_key); |
319 | } |
321 | } |
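Review bot: The configured `RA_PASSWORD_PEPPER_ALGO` reaches `hash_hmac($algo, $password, $pepper)` (new line 65) unchecked, and the `$hmac === false` test that follows only catches a bad name on PHP 7; on PHP 8 an unknown algorithm raises `ValueError`, so the caller never sees the `OIDplusException`. Checking the name in the `else` branch first, for example `if (!in_array(strtolower($algo), hash_algos(), true)) throw new OIDplusException(_L('HMAC failed'));`, keeps the failure uniform, and an explicit allow-list would additionally stop a weak digest such as md5 from being configured. The ATTENTION comment at lines 56–58 should also cover the new setting, e.g. `// The same applies to RA_PASSWORD_PEPPER_ALGO: changing it also makes ALL RA passwords INVALID!`, since stored hashes are bound to the algorithm as much as to the pepper. The enclosing function starts above the visible lines.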