MediaWiki  1.34.0
EncryptedPassword.php
Go to the documentation of this file.
1 <?php
29 class EncryptedPassword extends ParameterizedPassword {
30  protected function getDelimiter() {
31  return ':';
32  }
33 
34  protected function getDefaultParams() {
35  return [
36  'cipher' => $this->config['cipher'],
37  'secret' => count( $this->config['secrets'] ) - 1
38  ];
39  }
40 
41  public function crypt( $password ) {
42  $secret = $this->config['secrets'][$this->params['secret']];
43 
44  // Clear error string
45  while ( openssl_error_string() !== false );
46 
47  if ( $this->hash ) {
48  $decrypted = openssl_decrypt(
49  $this->hash, $this->params['cipher'],
50  $secret, 0, base64_decode( $this->args[0] ) );
51  if ( $decrypted === false ) {
52  throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
53  }
54  $underlyingPassword = $this->factory->newFromCiphertext( $decrypted );
55  } else {
56  $underlyingPassword = $this->factory->newFromType( $this->config['underlying'] );
57  }
58 
59  $underlyingPassword->crypt( $password );
60  if ( count( $this->args ) ) {
61  $iv = base64_decode( $this->args[0] );
62  } else {
63  $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
64  }
65 
66  $this->hash = openssl_encrypt(
67  $underlyingPassword->toString(), $this->params['cipher'], $secret, 0, $iv );
68  if ( $this->hash === false ) {
69  throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
70  }
71  $this->args = [ base64_encode( $iv ) ];
72  }
73 
80  public function update() {
81  if ( count( $this->args ) != 1 || $this->params == $this->getDefaultParams() ) {
82  // Hash does not need updating
83  return false;
84  }
85 
86  // Clear error string
87  while ( openssl_error_string() !== false );
88 
89  // Decrypt the underlying hash
90  $underlyingHash = openssl_decrypt(
91  $this->hash,
92  $this->params['cipher'],
93  $this->config['secrets'][$this->params['secret']],
94  0,
95  base64_decode( $this->args[0] )
96  );
97  if ( $underlyingHash === false ) {
98  throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
99  }
100 
101  // Reset the params
102  $this->params = $this->getDefaultParams();
103 
104  // Check the key size with the new params
105  $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
106  $this->hash = openssl_encrypt(
107  $underlyingHash,
108  $this->params['cipher'],
109  $this->config['secrets'][$this->params['secret']],
110  0,
111  $iv
112  );
113  if ( $this->hash === false ) {
114  throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
115  }
116 
117  $this->args = [ base64_encode( $iv ) ];
118 
119  return true;
120  }
121 }
PasswordError
Show an error when any operation involving passwords fails to run.
Definition: PasswordError.php:26
EncryptedPassword\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition: EncryptedPassword.php:34
EncryptedPassword\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition: EncryptedPassword.php:30
EncryptedPassword\update
update()
Updates the underlying hash by encrypting it with the newest secret.
Definition: EncryptedPassword.php:80
EncryptedPassword\crypt
crypt( $password)
Hash a password and store the result in this object.
Definition: EncryptedPassword.php:41
ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition: ParameterizedPassword.php:38
EncryptedPassword
Helper class for passwords that use another password hash underneath it and encrypts that hash with a...
Definition: EncryptedPassword.php:29