Rev 635 | Rev 1050 | ||
---|---|---|---|
1 | <?php |
1 | <?php |
2 | 2 | ||
3 | /* |
3 | /* |
4 | * OIDplus 2.0 |
4 | * OIDplus 2.0 |
5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
6 | * |
6 | * |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
8 | * you may not use this file except in compliance with the License. |
8 | * you may not use this file except in compliance with the License. |
9 | * You may obtain a copy of the License at |
9 | * You may obtain a copy of the License at |
10 | * |
10 | * |
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
12 | * |
12 | * |
13 | * Unless required by applicable law or agreed to in writing, software |
13 | * Unless required by applicable law or agreed to in writing, software |
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
16 | * See the License for the specific language governing permissions and |
16 | * See the License for the specific language governing permissions and |
17 | * limitations under the License. |
17 | * limitations under the License. |
18 | */ |
18 | */ |
19 | 19 | ||
20 | if (!defined('INSIDE_OIDPLUS')) die(); |
20 | namespace ViaThinkSoft\OIDplus; |
21 | 21 | ||
22 | class OIDplusAuthPluginSha3SaltedBase64 extends OIDplusAuthPlugin { |
22 | class OIDplusAuthPluginSha3SaltedBase64 extends OIDplusAuthPlugin { |
23 | 23 | ||
24 | public function verify(OIDplusRAAuthInfo $authInfo, $check_password) { |
24 | public function verify(OIDplusRAAuthInfo $authInfo, $check_password) { |
25 | $authKey = $authInfo->getAuthKey(); |
25 | $authKey = $authInfo->getAuthKey(); |
26 | $salt = $authInfo->getSalt(); |
26 | $salt = $authInfo->getSalt(); |
27 | @list($s_authmethod, $s_authkey) = explode('#', $authKey, 2); |
27 | @list($s_authmethod, $s_authkey) = explode('#', $authKey, 2); |
28 | 28 | ||
29 | if ($s_authmethod == 'A2') { |
29 | if ($s_authmethod == 'A2') { |
30 | // A2#X with X being sha3(salt+password) in base64-notation |
30 | // A2#X with X being sha3(salt+password) in base64-notation |
31 | $calc_authkey = base64_encode(sha3_512($salt.$check_password, true)); |
31 | $calc_authkey = base64_encode(sha3_512($salt.$check_password, true)); |
32 | } else { |
32 | } else { |
33 | // Invalid auth code |
33 | // Invalid auth code |
34 | return false; |
34 | return false; |
35 | } |
35 | } |
36 | 36 | ||
37 | return hash_equals($calc_authkey, $s_authkey); |
37 | return hash_equals($calc_authkey, $s_authkey); |
38 | } |
38 | } |
39 | 39 | ||
40 | public function generate($password): OIDplusRAAuthInfo { |
40 | public function generate($password): OIDplusRAAuthInfo { |
41 | $s_salt = bin2hex(OIDplus::authUtils()->getRandomBytes(50)); // DB field ra.salt is limited to 100 chars (= 50 bytes) |
41 | $s_salt = bin2hex(OIDplus::authUtils()->getRandomBytes(50)); // DB field ra.salt is limited to 100 chars (= 50 bytes) |
42 | $calc_authkey = 'A2#'.base64_encode(sha3_512($s_salt.$password, true)); |
42 | $calc_authkey = 'A2#'.base64_encode(sha3_512($s_salt.$password, true)); |
43 | return new OIDplusRAAuthInfo($s_salt, $calc_authkey); |
43 | return new OIDplusRAAuthInfo($s_salt, $calc_authkey); |
44 | } |
44 | } |
45 | 45 | ||
46 | } |
46 | } |
47 | 47 |
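Review bot: Both verify() (line 31) and generate() (line 42) derive the stored key from a single `sha3_512($salt.$password)` pass, which is a fast hash rather than a password-hashing function, so if the ra records leak the 50-byte salt does little to slow offline guessing. This revision only swaps the `INSIDE_OIDPLUS` guard on line 20 for the namespace declaration and leaves the hashing unchanged. Because the `A2#` format is fixed by already-stored records, I would keep verify() for existing entries and document the limitation above generate(), e.g. `// A2 is one salted SHA3-512 pass (fast hash): kept to verify existing records; prefer a password_hash()/password_verify() based scheme for new passwords`. Re-hashing on the next successful login would let existing accounts migrate, assuming the project has or adds such a scheme.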