MediaWiki REL1_33
Static Public Member Functions
static decryptSessionData ( $ciphertext, $userId )
Decrypt an encrypted packet, generated with encryptSessionData.
static encryptSessionData ( array $plaintextVars, $userId )
Encrypt an array of variables to put into the user's session.
static isEnabledFor ( User $user )
Check whether OATH two-factor authentication is enabled for a given user.
Static Private Member Functions
static getKeyMaterials ()
Get the base secret for this wiki, used to derive all of the encryption keys.
static getUserKeys ( $secret, $userid )
Generate encryption and hmac keys, unique to this user, based on a single wiki secret.
static seal ( $data, $encKey, $hmacKey )
Actually encrypt the data, using a new random IV, and prepend the hmac of the encrypted data + IV, using a separate hmac key.
static unseal ( $encrypted, $encKey, $hmacKey )
Decrypt data sealed using seal().
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. http://www.gnu.org/copyleft/gpl.html
Utility class for various OATH functions.
Definition at line 24 of file OATHAuthUtils.php.
static decryptSessionData ( $ciphertext, $userId )
Decrypt an encrypted packet, generated with encryptSessionData.
string | $ciphertext | Encrypted data packet
string|int | $userId
Definition at line 57 of file OATHAuthUtils.php.
References $keys, and(), getKeyMaterials(), and getUserKeys().
static encryptSessionData ( array $plaintextVars, $userId )
Encrypt an array of variables to put into the user's session.
We use this when storing the user's password in their session. We can use JSON as the serialization format because $plaintextVars is an array of strings.
array | $plaintextVars | array of user input strings
int | $userId | passed to key derivation functions so each user uses distinct encryption and hmac keys
Definition at line 45 of file OATHAuthUtils.php.
References $keys, and(), getKeyMaterials(), getUserKeys(), and seal().
static private getKeyMaterials ()
Get the base secret for this wiki, used to derive all of the encryption keys.
When $wgOATHAuthSecret is rotated, users who are part way through the two-step login will get an exception, and have to re-start the login.
Definition at line 69 of file OATHAuthUtils.php.
References $wgSecretKey, and and().
Referenced by decryptSessionData(), and encryptSessionData().
static private getUserKeys ( $secret, $userid )
Generate encryption and hmac keys, unique to this user, based on a single wiki secret.
Use a moderate pbkdf2 work factor in case we ever leak keys.
string | $secret
string|int | $userid
Definition at line 81 of file OATHAuthUtils.php.
References and().
Referenced by decryptSessionData(), and encryptSessionData().
static isEnabledFor ( User $user )
Check whether OATH two-factor authentication is enabled for a given user.
This is a stable method that does not change and can be used in other extensions.
User | $user
Definition at line 31 of file OATHAuthUtils.php.
References OATHAuthHooks\getOATHUserRepository().
static private seal ( $data, $encKey, $hmacKey )
Actually encrypt the data, using a new random IV, and prepend the hmac of the encrypted data + IV, using a separate hmac key.
string | $data
string | $encKey
string | $hmacKey
Definition at line 97 of file OATHAuthUtils.php.
Referenced by encryptSessionData().
static private unseal ( $encrypted, $encKey, $hmacKey )
Decrypt data sealed using seal().
First checks the hmac to prevent various attacks.
string | $encrypted
string | $encKey
string | $hmacKey
Throws Exception
Definition at line 120 of file OATHAuthUtils.php.
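The getUserKeys(), seal() and unseal() descriptions above, carried through as an added PHP example that is not the code of OATHAuthUtils.php: per-user keys derived from one secret, encrypt-then-MAC with a fresh IV, and MAC verification before decryption. The function names, AES-256-CTR, the PBKDF2 parameters, the salt string and the dotted base64 packet layout are assumptions made for the illustration.

```php
<?php
// Added illustration, not OATHAuthUtils.php itself. Cipher, KDF parameters,
// salt format and packet layout are assumptions chosen for this example.

// Derive distinct encryption and HMAC keys for one user from a single secret.
function exampleUserKeys( string $secret, $userId ): array {
	// Assumed: PBKDF2-SHA256, 10000 iterations, salt bound to the user id.
	$material = hash_pbkdf2( 'sha256', $secret, "example-$userId", 10000, 64, true );
	return [ 'encrypt' => substr( $material, 0, 32 ), 'hmac' => substr( $material, 32, 32 ) ];
}

// Encrypt under a fresh random IV, then prepend an HMAC over IV + ciphertext.
function exampleSeal( string $data, string $encKey, string $hmacKey ): string {
	$iv = random_bytes( 16 );
	$ct = openssl_encrypt( $data, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv );
	if ( $ct === false ) {
		throw new Exception( 'Encryption failed' );
	}
	$body = base64_encode( $iv ) . '.' . base64_encode( $ct );
	return base64_encode( hash_hmac( 'sha256', $body, $hmacKey, true ) ) . '.' . $body;
}

// Check the HMAC in constant time before decrypting anything.
function exampleUnseal( string $sealed, string $encKey, string $hmacKey ): string {
	$parts = explode( '.', $sealed );
	if ( count( $parts ) !== 3 ) {
		throw new Exception( 'Malformed packet' );
	}
	[ $mac, $iv, $ct ] = $parts;
	$given = base64_decode( $mac, true );
	$expected = hash_hmac( 'sha256', "$iv.$ct", $hmacKey, true );
	if ( $given === false || !hash_equals( $expected, $given ) ) {
		throw new Exception( 'Packet failed authentication' );
	}
	$plain = openssl_decrypt( base64_decode( $ct ), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, base64_decode( $iv ) );
	if ( $plain === false ) {
		throw new Exception( 'Decryption failed' );
	}
	return $plain;
}

// Constructed sample input: a session array sealed for user 42.
$k42 = exampleUserKeys( 'constructed-wiki-secret', 42 );
$packet = exampleSeal( json_encode( [ 'pw' => 'constructed' ] ), $k42['encrypt'], $k42['hmac'] );
var_dump( json_decode( exampleUnseal( $packet, $k42['encrypt'], $k42['hmac'] ), true ) );

// The same packet is rejected under another user's keys (throws Exception).
$k43 = exampleUserKeys( 'constructed-wiki-secret', 43 );
try { exampleUnseal( $packet, $k43['encrypt'], $k43['hmac'] ); }
catch ( Exception $e ) { echo $e->getMessage(), "\n"; }
```

Because the user id feeds the key derivation, a packet copied from one user's session fails authentication in another's before any decryption happens.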