REL1_33/php/OATHAuthUtils_8php_source.html

<?php


class OATHAuthUtils {


    public static function isEnabledFor( User $user ) {

        $oathUser = OATHAuthHooks::getOATHUserRepository()->findByUser( $user );

        return $oathUser && $oathUser->getKey();

    }


    public static function encryptSessionData( array $plaintextVars, $userId ) {

        $keyMaterial = self::getKeyMaterials();

        $keys = self::getUserKeys( $keyMaterial, $userId );

        return self::seal( json_encode( $plaintextVars ), $keys['encrypt'], $keys['hmac'] );

    }


    public static function decryptSessionData( $ciphertext, $userId ) {

        $keyMaterial = self::getKeyMaterials();

        $keys = self::getUserKeys( $keyMaterial, $userId );

        return json_decode( self::unseal( $ciphertext, $keys['encrypt'], $keys['hmac'] ), true );

    }


    private static function getKeyMaterials() {

        global $wgOATHAuthSecret, $wgSecretKey;

        return $wgOATHAuthSecret ?: $wgSecretKey;

    }


    private static function getUserKeys( $secret, $userid ) {

        $keymats = hash_pbkdf2( 'sha256', $secret, "oath-$userid", 10001, 64, true );

        return [

            'encrypt' => substr( $keymats, 0, 32 ),

            'hmac' => substr( $keymats, 32, 32 ),

        ];

    }


    private static function seal( $data, $encKey, $hmacKey ) {

        $iv = random_bytes( 16 );

        $ciphertext = openssl_encrypt(

            $data,

            'aes-256-ctr',

            $encKey,

            OPENSSL_RAW_DATA,

            $iv

        );

        $sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext );

        $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true );

        return base64_encode( $hmac ) . '.' . $sealed;

    }


    private static function unseal( $encrypted, $encKey, $hmacKey ) {

        $pieces = explode( '.', $encrypted );

        if ( count( $pieces ) !== 3 ) {

            throw new InvalidArgumentException( 'Invalid sealed-secret format' );

        }


        list( $hmac, $iv, $ciphertext ) = $pieces;

        $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true );

        if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {

            throw new Exception( 'Sealed secret has been tampered with, aborting.' );

        }


        return openssl_decrypt(

            base64_decode( $ciphertext ),

            'aes-256-ctr',

            $encKey,

            OPENSSL_RAW_DATA,

            base64_decode( $iv )

        );

    }


}


and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy

$wgSecretKey
$wgSecretKey
This should always be customised in LocalSettings.php.
Definition DefaultSettings.php:5963

OATHAuthHooks\getOATHUserRepository
static getOATHUserRepository()
Get the singleton OATH user repository.
Definition OATHAuthHooks.php:34

OATHAuthUtils
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
Definition OATHAuthUtils.php:24

OATHAuthUtils\encryptSessionData
static encryptSessionData(array $plaintextVars, $userId)
Encrypt an aray of variables to put into the user's session.
Definition OATHAuthUtils.php:45

OATHAuthUtils\seal
static seal( $data, $encKey, $hmacKey)
Actually encrypt the data, using a new random IV, and prepend the hmac of the encrypted data + IV,...
Definition OATHAuthUtils.php:97

OATHAuthUtils\getUserKeys
static getUserKeys( $secret, $userid)
Generate encryption and hmac keys, unique to this user, based on a single wiki secret.
Definition OATHAuthUtils.php:81

OATHAuthUtils\getKeyMaterials
static getKeyMaterials()
Get the base secret for this wiki, used to derive all of the encryption keys.
Definition OATHAuthUtils.php:69

OATHAuthUtils\unseal
static unseal( $encrypted, $encKey, $hmacKey)
Decrypt data sealed using seal().
Definition OATHAuthUtils.php:120

OATHAuthUtils\decryptSessionData
static decryptSessionData( $ciphertext, $userId)
Decrypt an encrypted packet, generated with encryptSessionData.
Definition OATHAuthUtils.php:57

OATHAuthUtils\isEnabledFor
static isEnabledFor(User $user)
Check whether OATH two-factor authentication is enabled for a given user.
Definition OATHAuthUtils.php:31

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:48

list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition deferred.txt:11

$data
$data
Utility to generate mapping file used in mw.Title (phpCharToUpper.json)
Definition generatePhpCharToUpperMappings.php:13

array
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))

$keys
$keys
Definition testCompression.php:67