MediaWiki  1.33.0
hotp.php
  1 <?php
 11 class HOTP {
 18     public static function generateByCounter( $key, $counter ) {
 19         // the counter value can be more than one byte long,
 20         // so we need to pack it down properly.
 21         $cur_counter = array( 0, 0, 0, 0, 0, 0, 0, 0 );
 22         for ( $i = 7; $i >= 0; $i-- ) {
 23             $cur_counter[$i] = pack( 'C*', $counter );
 24             $counter = $counter >> 8;
 25         }
 26
 27         $bin_counter = implode( $cur_counter );
 28
 29         // Pad to 8 chars
 30         if ( strlen( $bin_counter ) < 8 ) {
 31             $bin_counter = str_repeat( "\0", 8 - strlen( $bin_counter ) ) . $bin_counter;
 32         }
 33
 34         // HMAC
 35         $hash = hash_hmac( 'sha1', $bin_counter, $key );
 36
 37         return new HOTPResult( $hash );
 38     }
 39
 49     public static function generateByTime( $key, $window, $timestamp = false ) {
 50         if ( !$timestamp && $timestamp !== 0 ) {
 51             $timestamp = HOTP::getTime();
 52         }
 53
 54         $counter = (int)( $timestamp / $window );
 55
 56         return HOTP::generateByCounter( $key, $counter );
 57     }
 58
 72     public static function generateByTimeWindow( $key, $window, $min = -1,
 73         $max = 1, $timestamp = false
 74     ) {
 75         if ( !$timestamp && $timestamp !== 0 ) {
 76             $timestamp = HOTP::getTime();
 77         }
 78
 79         $counter = (int)( $timestamp / $window );
 80         $window = range( $min, $max );
 81
 82         $out = array();
 83         $length = count( $window );
 84         for ( $i = 0; $i < $length; $i++ ) {
 85             $shift_counter = $counter + $window[$i];
 86             $out[$shift_counter] = HOTP::generateByCounter($key, $shift_counter);
 87         }
 88
 89         return $out;
 90     }
 91
 98     public static function getTime() {
 99         return time(); // PHP's time is always UTC
100     }
101 }
102
108 class HOTPResult {
109     protected $hash;
110     protected $binary;
111     protected $decimal;
112     protected $hex;
113
118     public function __construct( $value ) {
119         // store raw
120         $this->hash = $value;
121
122         // store calculate decimal
123         $hmac_result = array();
124
125         // Convert to decimal
126         foreach ( str_split( $this->hash, 2 ) as $hex ) {
127             $hmac_result[] = hexdec($hex);
128         }
129
130         $offset = $hmac_result[19] & 0xf;
131
132         $this->decimal = (
133             ( ( $hmac_result[$offset+0] & 0x7f ) << 24 ) |
134             ( ( $hmac_result[$offset+1] & 0xff ) << 16 ) |
135             ( ( $hmac_result[$offset+2] & 0xff ) << 8 ) |
136             ( $hmac_result[$offset+3] & 0xff )
137         );
138
139         // calculate hex
140         $this->hex = dechex( $this->decimal );
141     }
142
147     public function toString() {
148         return $this->hash;
149     }
150
155     public function toHex() {
156         return $this->hex;
157     }
158
163     public function toDec() {
164         return $this->decimal;
165     }
166
172     public function toHOTP( $length ) {
173         $str = str_pad( $this->toDec(), $length, "0", STR_PAD_LEFT );
174         $str = substr( $str, ( -1 * $length ) );
175
176         return $str;
177     }
178
179 }
HOTPResult\$hash
$hash
Definition: hotp.php:109
HOTP
HOTP Class Based on the work of OAuth, and the sample implementation of HMAC OTP http://tools....
Definition: hotp.php:11
HOTPResult
The HOTPResult Class converts an HOTP item to various forms. Supported formats include hex,...
Definition: hotp.php:108
HOTPResult\__construct
__construct( $value)
Build an HOTP Result.
Definition: hotp.php:118
HOTPResult\$decimal
$decimal
Definition: hotp.php:111
HOTPResult\$hex
$hex
Definition: hotp.php:112
HOTPResult\toHex
toHex()
Returns the hex version of the HOTP.
Definition: hotp.php:155
HOTP\generateByTimeWindow
static generateByTimeWindow( $key, $window, $min=-1, $max=1, $timestamp=false)
Generate a HOTP key collection based on a timestamp and window size. All keys that could exist between...
Definition: hotp.php:72
HOTP\generateByCounter
static generateByCounter( $key, $counter)
Generate a HOTP key based on a counter value (event based HOTP)
Definition: hotp.php:18
HOTP\getTime
static getTime()
Gets the current time. Ensures we are operating in UTC for the entire framework. Restores the timezone ...
Definition: hotp.php:98
HOTPResult\$binary
$binary
Definition: hotp.php:110
HOTPResult\toHOTP
toHOTP( $length)
Returns the truncated decimal form of the HOTP.
Definition: hotp.php:172
HOTPResult\toString
toString()
Returns the string version of the HOTP.
Definition: hotp.php:147
HOTPResult\toDec
toDec()
Returns the decimal version of the HOTP.
Definition: hotp.php:163
HOTP\generateByTime
static generateByTime( $key, $window, $timestamp=false)
Generate a HOTP key based on a timestamp and window size.
Definition: hotp.php:49
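A caller-side verification routine built on generateByTimeWindow() and toHOTP(), added here as an example and not part of MediaWiki: it compares every candidate in constant time and rejects a counter that was already accepted. The function name verifyTotp(), its parameters, and the require path are assumptions for illustration.

```php
<?php
// Added example, not MediaWiki code. Assumes the hotp.php listed above sits in
// the same directory; verifyTotp() and its parameters are hypothetical names.
require_once __DIR__ . '/hotp.php';

/**
 * Check a user-supplied TOTP code against the time steps around "now".
 *
 * @param string $key Raw binary shared secret (decode base32 before calling)
 * @param string $userCode Code typed by the user
 * @param int $lastCounter Highest counter already accepted (-1 if none)
 * @param int|bool $timestamp Unix time, or false for the current time
 * @return int|bool Matched counter (persist it), or false on failure
 */
function verifyTotp( $key, $userCode, $lastCounter, $timestamp = false,
	$digits = 6, $period = 30
) {
	// Accept only a string of exactly $digits decimal digits.
	if ( !is_string( $userCode ) || strlen( $userCode ) !== $digits
		|| !ctype_digit( $userCode )
	) {
		return false;
	}

	// One step either side of the current one tolerates clock drift.
	$candidates = HOTP::generateByTimeWindow( $key, $period, -1, 1, $timestamp );
	$matched = false;
	foreach ( $candidates as $counter => $result ) {
		// hash_equals() compares in constant time, and the loop has no early
		// return, so timing does not reveal which step matched.
		$same = hash_equals( $result->toHOTP( $digits ), $userCode );
		// A counter at or below the last accepted one is a replay.
		if ( $same && $counter > $lastCounter ) {
			$matched = $counter;
		}
	}
	return $matched;
}

// Constructed check with the RFC 4226 Appendix D test secret.
$key = '12345678901234567890';
var_dump( HOTP::generateByCounter( $key, 0 )->toHOTP( 6 ) ); // HOTP for counter 0
var_dump( verifyTotp( $key, '287082', 0, 59 ) ); // first use at t=59 (counter 1)
var_dump( verifyTotp( $key, '287082', 1, 59 ) ); // same code again: replay
```

The caller stores the returned counter per user and passes it back as $lastCounter on the next attempt, so a code observed once cannot be reused within the drift window.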