MediaWiki REL1_31
EncryptedPassword.php
Go to the documentation of this file.
1<?php
30 protected function getDelimiter() {
31 return ':';
32 }
33
34 protected function getDefaultParams() {
35 return [
36 'cipher' => $this->config['cipher'],
37 'secret' => count( $this->config['secrets'] ) - 1
38 ];
39 }
40
41 public function crypt( $password ) {
42 $secret = $this->config['secrets'][$this->params['secret']];
43
44 // Clear error string
45 while ( openssl_error_string() !== false );
46
47 if ( $this->hash ) {
48 $decrypted = openssl_decrypt(
49 $this->hash, $this->params['cipher'],
50 $secret, 0, base64_decode( $this->args[0] ) );
51 if ( $decrypted === false ) {
52 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
53 }
54 $underlyingPassword = $this->factory->newFromCiphertext( $decrypted );
55 } else {
56 $underlyingPassword = $this->factory->newFromType( $this->config['underlying'] );
57 }
58
59 $underlyingPassword->crypt( $password );
60 if ( count( $this->args ) ) {
61 $iv = base64_decode( $this->args[0] );
62 } else {
63 $iv = MWCryptRand::generate( openssl_cipher_iv_length( $this->params['cipher'] ), true );
64 }
65
66 $this->hash = openssl_encrypt(
67 $underlyingPassword->toString(), $this->params['cipher'], $secret, 0, $iv );
68 if ( $this->hash === false ) {
69 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
70 }
71 $this->args = [ base64_encode( $iv ) ];
72 }
73
80 public function update() {
81 if ( count( $this->args ) != 1 || $this->params == $this->getDefaultParams() ) {
82 // Hash does not need updating
83 return false;
84 }
85
86 // Clear error string
87 while ( openssl_error_string() !== false );
88
89 // Decrypt the underlying hash
90 $underlyingHash = openssl_decrypt(
91 $this->hash,
92 $this->params['cipher'],
93 $this->config['secrets'][$this->params['secret']],
94 0,
95 base64_decode( $this->args[0] )
96 );
97 if ( $underlyingHash === false ) {
98 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
99 }
100
101 // Reset the params
102 $this->params = $this->getDefaultParams();
103
104 // Check the key size with the new params
105 $iv = MWCryptRand::generate( openssl_cipher_iv_length( $this->params['cipher'] ), true );
106 $this->hash = openssl_encrypt(
107 $underlyingHash,
108 $this->params['cipher'],
109 $this->config['secrets'][$this->params['secret']],
110 0,
111 $iv
112 );
113 if ( $this->hash === false ) {
114 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
115 }
116
117 $this->args = [ base64_encode( $iv ) ];
118
119 return true;
120 }
121}
Helper class for passwords that use another password hash underneath it and encrypts that hash with a...
crypt( $password)
Hash a password and store the result in this object.
getDelimiter()
Returns the delimiter for the parameters inside the hash.
update()
Updates the underlying hash by encrypting it with the newest secret.
getDefaultParams()
Return an ordered array of default parameters for this password hash.
static generate( $bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form.
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Show an error when any operation involving passwords fails to run.