MediaWiki REL1_34
EncryptedPassword.php
Go to the documentation of this file.
1<?php
29class EncryptedPassword extends ParameterizedPassword {
30 protected function getDelimiter() {
31 return ':';
32 }
33
34 protected function getDefaultParams() {
35 return [
36 'cipher' => $this->config['cipher'],
37 'secret' => count( $this->config['secrets'] ) - 1
38 ];
39 }
40
41 public function crypt( $password ) {
42 $secret = $this->config['secrets'][$this->params['secret']];
43
44 // Clear error string
45 while ( openssl_error_string() !== false );
46
47 if ( $this->hash ) {
48 $decrypted = openssl_decrypt(
49 $this->hash, $this->params['cipher'],
50 $secret, 0, base64_decode( $this->args[0] ) );
51 if ( $decrypted === false ) {
52 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
53 }
54 $underlyingPassword = $this->factory->newFromCiphertext( $decrypted );
55 } else {
56 $underlyingPassword = $this->factory->newFromType( $this->config['underlying'] );
57 }
58
59 $underlyingPassword->crypt( $password );
60 if ( count( $this->args ) ) {
61 $iv = base64_decode( $this->args[0] );
62 } else {
63 $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
64 }
65
66 $this->hash = openssl_encrypt(
67 $underlyingPassword->toString(), $this->params['cipher'], $secret, 0, $iv );
68 if ( $this->hash === false ) {
69 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
70 }
71 $this->args = [ base64_encode( $iv ) ];
72 }
73
80 public function update() {
81 if ( count( $this->args ) != 1 || $this->params == $this->getDefaultParams() ) {
82 // Hash does not need updating
83 return false;
84 }
85
86 // Clear error string
87 while ( openssl_error_string() !== false );
88
89 // Decrypt the underlying hash
90 $underlyingHash = openssl_decrypt(
91 $this->hash,
92 $this->params['cipher'],
93 $this->config['secrets'][$this->params['secret']],
94 0,
95 base64_decode( $this->args[0] )
96 );
97 if ( $underlyingHash === false ) {
98 throw new PasswordError( 'Error decrypting password: ' . openssl_error_string() );
99 }
100
101 // Reset the params
102 $this->params = $this->getDefaultParams();
103
104 // Check the key size with the new params
105 $iv = random_bytes( openssl_cipher_iv_length( $this->params['cipher'] ) );
106 $this->hash = openssl_encrypt(
107 $underlyingHash,
108 $this->params['cipher'],
109 $this->config['secrets'][$this->params['secret']],
110 0,
111 $iv
112 );
113 if ( $this->hash === false ) {
114 throw new PasswordError( 'Error encrypting password: ' . openssl_error_string() );
115 }
116
117 $this->args = [ base64_encode( $iv ) ];
118
119 return true;
120 }
121}
EncryptedPassword
Helper class for passwords that use another password hash underneath it and encrypts that hash with a...
Definition EncryptedPassword.php:29
EncryptedPassword\crypt
crypt( $password)
Hash a password and store the result in this object.
Definition EncryptedPassword.php:41
EncryptedPassword\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition EncryptedPassword.php:30
EncryptedPassword\update
update()
Updates the underlying hash by encrypting it with the newest secret.
Definition EncryptedPassword.php:80
EncryptedPassword\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition EncryptedPassword.php:34
ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition ParameterizedPassword.php:38
PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26