WebSVN – oidplus – Diff – /trunk/plugins/auth/A1_phpgeneric_salted_hex/OIDplusAuthPluginPhpGenericSaltedHex.class.php



 * limitations under the License.
 */
 
class OIDplusAuthPluginPhpGenericSaltedHex extends OIDplusAuthPlugin {
 
        public function verify(OIDplusRAAuthInfo $authInfo, $check_password) {
                @list($s_authmethod, $s_authkey) = explode('#', $authKey, 2);
 
                $authKey = $authInfo->getAuthKey();
                $salt = $authInfo->getSalt();
 
                if ($s_authmethod == 'A1a') {
                        // This auth method can be used by you if you migrate users from another software solution into OIDplus
                        // A1a#hashalgo:X with X being H(salt+password) in hex-notation
                        // Attention: With some hash algorithms, prepending the salt makes it vulnerable against length-extension-attacks
                        $hashalgo = explode(':', $s_authkey, 2)[0];

                }
 
                return hash_equals($calc_authkey, $s_authkey);
        }
 
        public function generate($password): OIDplusRAAuthInfo {
                $preferred_hash_algos = array(
                    // sorted by priority
                    'sha3-512',
                    'sha3-384',
                    'sha3-256',

Rev 458	Rev 459
Line 17...	Line 17...
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	class OIDplusAuthPluginPhpGenericSaltedHex extends OIDplusAuthPlugin {	20	class OIDplusAuthPluginPhpGenericSaltedHex extends OIDplusAuthPlugin {
21		21
22	public function verify($authKey, $salt, $check_password) {	22	public function verify(OIDplusRAAuthInfo $authInfo, $check_password) {
23	@list($s_authmethod, $s_authkey) = explode('#', $authKey, 2);	23	@list($s_authmethod, $s_authkey) = explode('#', $authKey, 2);
24		24
-		25	$authKey = $authInfo->getAuthKey();
-		26	$salt = $authInfo->getSalt();
-		27
25	if ($s_authmethod == 'A1a') {	28	if ($s_authmethod == 'A1a') {
26	// This auth method can be used by you if you migrate users from another software solution into OIDplus	29	// This auth method can be used by you if you migrate users from another software solution into OIDplus
27	// A1a#hashalgo:X with X being H(salt+password) in hex-notation	30	// A1a#hashalgo:X with X being H(salt+password) in hex-notation
28	// Attention: With some hash algorithms, prepending the salt makes it vulnerable against length-extension-attacks	31	// Attention: With some hash algorithms, prepending the salt makes it vulnerable against length-extension-attacks
29	$hashalgo = explode(':', $s_authkey, 2)[0];	32	$hashalgo = explode(':', $s_authkey, 2)[0];
Line 49...	Line 52...
49	}	52	}
50		53
51	return hash_equals($calc_authkey, $s_authkey);	54	return hash_equals($calc_authkey, $s_authkey);
52	}	55	}
53		56
54	public function generate($password) {	57	public function generate($password): OIDplusRAAuthInfo {
55	$preferred_hash_algos = array(	58	$preferred_hash_algos = array(
56	// sorted by priority	59	// sorted by priority
57	'sha3-512',	60	'sha3-512',
58	'sha3-384',	61	'sha3-384',
59	'sha3-256',	62	'sha3-256',

Subversion Repositories oidplus

oidplus/trunk/plugins/auth/A1_phpgeneric_salted_hex/OIDplusAuthPluginPhpGenericSaltedHex.class.php – Rev 458 → 459