MediaWiki REL1_33
EncryptedPassword.php
Go to the documentation of this file.
1<?php
29class EncryptedPassword extends ParameterizedPassword {
30 protected function getDelimiter() {
31 return ':';
32 }
33
34 protected function getDefaultParams() {
35 return [
36 'cipher' => $this->config['cipher'],
37 'secret' => count( $this->config['secrets'] ) - 1
38 ];
39 }
40
41 public function crypt( $password ) {
42 $secret = $this->config['secrets'][$this->params['secret']];
43
44 // Clear error string
45 while ( openssl_error_string() !== false );
46
47 if ( $this->hash ) {
48 $decrypted = openssl_decrypt(
49 $this->hash, $this->params['cipher'],
50 $secret, 0, base64_decode( $this->args[0] ) );
51 if ( $decrypted === false ) {
52 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
53 }
54 $underlyingPassword = $this->factory->newFromCiphertext( $decrypted );
55 } else {
56 $underlyingPassword = $this->factory->newFromType( $this->config['underlying'] );
57 }
58
59 $underlyingPassword->crypt( $password );
60 if ( count( $this->args ) ) {
61 $iv = base64_decode( $this->args[0] );
62 } else {
63 $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
64 }
65
66 $this->hash = openssl_encrypt(
67 $underlyingPassword->toString(), $this->params['cipher'], $secret, 0, $iv );
68 if ( $this->hash === false ) {
69 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
70 }
71 $this->args = [ base64_encode( $iv ) ];
72 }
73
80 public function update() {
81 if ( count( $this->args ) != 1 || $this->params == $this->getDefaultParams() ) {
82 // Hash does not need updating
83 return false;
84 }
85
86 // Clear error string
87 while ( openssl_error_string() !== false );
88
89 // Decrypt the underlying hash
90 $underlyingHash = openssl_decrypt(
91 $this->hash,
92 $this->params['cipher'],
93 $this->config['secrets'][$this->params['secret']],
94 0,
95 base64_decode( $this->args[0] )
96 );
97 if ( $underlyingHash === false ) {
98 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
99 }
100
101 // Reset the params
102 $this->params = $this->getDefaultParams();
103
104 // Check the key size with the new params
105 $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
106 $this->hash = openssl_encrypt(
107 $underlyingHash,
108 $this->params['cipher'],
109 $this->config['secrets'][$this->params['secret']],
110 0,
111 $iv
112 );
113 if ( $this->hash === false ) {
114 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
115 }
116
117 $this->args = [ base64_encode( $iv ) ];
118
119 return true;
120 }
121}
and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy
EncryptedPassword
Helper class for passwords that use another password hash underneath it and encrypts that hash with a...
Definition EncryptedPassword.php:29
EncryptedPassword\crypt
crypt( $password)
Hash a password and store the result in this object.
Definition EncryptedPassword.php:41
EncryptedPassword\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition EncryptedPassword.php:30
EncryptedPassword\update
update()
Updates the underlying hash by encrypting it with the newest secret.
Definition EncryptedPassword.php:80
EncryptedPassword\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition EncryptedPassword.php:34
ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition ParameterizedPassword.php:38
PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26