/**
* crack_keystore
*
* Makes a bruteforce to find the final hash contained in the KeyStore
* Returns the plaintext password used to encrypt de disk of the virtual machine
*/
function crack_keystore($keystore, $wordlist)
{
// Open wordlist file
$fp = fopen($wordlist, 'r');
// Continue if it is a valid resource
if (is_resource($fp)) {
// Get hash and method from keystore
$hash = get_hash_algorithm($keystore);
$method = get_openssl_method($keystore);
while (!feof($fp)) {
// Read each line of the file, it is the user password
$user_password = trim(fgets($fp));
// First call to PBKDF2
$EVP_password = hash_pbkdf2($hash, $user_password, $keystore['pbkdf2_1_salt'], $keystore['pbkdf2_1_iterations'], $keystore['generic_key_length'], true);
// Here, the password used for the second call to PBKDF2 is decrypted
$decrypted_password = openssl_decrypt(substr($keystore['pbkdf2_2_encrypted_password'], 0, $keystore['evp_decrypt_input_length']), $method, $EVP_password, OPENSSL_RAW_DATA, '');
if ($decrypted_password === false) {
continue;
}
// Final hash is computed
$final_hash = hash_pbkdf2($hash, $decrypted_password, $keystore['pbkdf2_2_salt'], $keystore['pbkdf2_2_iterations'], $keystore['pbkdf2_2_key_length'], true);
// If the computed hash is equal to the stored hash, then we have got the right user password
if ($final_hash === $keystore['final_hash']) {
return $user_password;
}
}
return false;
} else {
return false;
}
}
/**
* set up for dependent objects before running each test
*/
public final function setUp()
{
//run default set-up method
parent::setUp();
//create a new organization for the test volunteers to belong
$organization = new Organization(null, "123 Easy Street", '', "Albuquerque", "Feeding people since 1987", "9 - 5", "Food for Hungry People", "505-765-4321", "NM", "R", "87801");
$organization->insert($this->getPDO());
//create a new volunteer to use as an admin for the tests
//don't need to insert them into the database: just need their info to create sessions
//for testing purposes, allow them to create organizations they're not associated with
$salt = bin2hex(openssl_random_pseudo_bytes(32));
$hash = hash_pbkdf2("sha512", "password4321", $salt, 262144, 128);
$this->admin = new Volunteer(null, $organization->getOrgId(), "*****@*****.**", null, "John", $hash, true, "Doe", "505-123-4567", $salt);
$this->admin->insert($this->getPDO());
//create a non-admin volunteer for the tests
$salt = bin2hex(openssl_random_pseudo_bytes(32));
$hash = hash_pbkdf2("sha512", "password1234", $salt, 262144, 128);
$this->volunteer = new Volunteer(null, $organization->getOrgId(), "*****@*****.**", null, "Jane", $hash, false, "Doe", "505-555-5555", $salt);
$this->volunteer->insert($this->getPDO());
//create the guzzle client
$this->guzzle = new \GuzzleHttp\Client(["cookies" => true]);
//visit ourselves to get the xsrf-token
$this->guzzle->get('https://bootcamp-coders.cnm.edu/~tfenstermaker/bread-basket/public_html/php/api/organization');
$cookies = $this->guzzle->getConfig()["cookies"];
$this->token = $cookies->getCookieByName("XSRF-TOKEN")->getValue();
//send a request to the sign-in method
$adminLogin = new stdClass();
$adminLogin->email = "*****@*****.**";
$adminLogin->password = "******";
$login = $this->guzzle->post('https://bootcamp-coders.cnm.edu/~tfenstermaker/bread-basket/public_html/php/controllers/sign-in-controller.php', ['json' => $adminLogin, 'headers' => ['X-XSRF-TOKEN' => $this->token]]);
}
public function crypt($password)
{
if (count($this->args) == 0) {
$this->args[] = base64_encode(MWCryptRand::generate(16, true));
}
if (function_exists('hash_pbkdf2')) {
$hash = hash_pbkdf2($this->params['algo'], $password, base64_decode($this->args[0]), (int) $this->params['rounds'], (int) $this->params['length'], true);
if (!is_string($hash)) {
throw new PasswordError('Error when hashing password.');
}
} else {
$hashLenHash = hash($this->params['algo'], '', true);
if (!is_string($hashLenHash)) {
throw new PasswordError('Error when hashing password.');
}
$hashLen = strlen($hashLenHash);
$blockCount = ceil($this->params['length'] / $hashLen);
$hash = '';
$salt = base64_decode($this->args[0]);
for ($i = 1; $i <= $blockCount; ++$i) {
$roundTotal = $lastRound = hash_hmac($this->params['algo'], $salt . pack('N', $i), $password, true);
for ($j = 1; $j < $this->params['rounds']; ++$j) {
$lastRound = hash_hmac($this->params['algo'], $lastRound, $password, true);
$roundTotal ^= $lastRound;
}
$hash .= $roundTotal;
}
$hash = substr($hash, 0, $this->params['length']);
}
$this->hash = base64_encode($hash);
}
private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
}
if ($count <= 0 || $key_length <= 0) {
trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
}
if (function_exists("hash_pbkdf2")) {
if (!$raw_output) {
$key_length = $key_length * 2;
}
return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
$last = $salt . pack("N", $i);
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
/**
* Constructor.
*
* @param string $pass The password.
* @param string $key_length Length of the derived key (in bytes).
* @param array $opts Additional options:
* - algo: (string) Hash algorithm.
* - i_count: (integer) Iteration count.
* - salt: (string) The salt to use.
*/
public function __construct($pass, $key_length, array $opts = array())
{
$this->iterations = isset($opts['i_count']) ? $opts['i_count'] : 16384;
if ($key_length <= 0 || $this->iterations <= 0) {
throw new InvalidArgumentException('Invalid arguments');
}
$this->hashAlgo = isset($opts['algo']) ? $opts['algo'] : 'SHA256';
/* Nice to have, but salt does not need to be cryptographically
* secure random value. */
$this->salt = isset($opts['salt']) ? $opts['salt'] : (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes($key_length) : substr(hash('sha512', new Horde_Support_Randomid(), true), 0, $key_length));
if (function_exists('hash_pbkdf2')) {
$this->_key = hash_pbkdf2($this->hashAlgo, $pass, $this->salt, $this->iterations, $key_length, true);
return;
}
$hash_length = strlen(hash($this->hashAlgo, '', true));
$block_count = ceil($key_length / $hash_length);
$hash = '';
for ($i = 1; $i <= $block_count; ++$i) {
// $i encoded as 4 bytes, big endian.
$last = $this->salt . pack('N', $i);
for ($j = 0; $j < $this->iterations; $j++) {
$last = hash_hmac($this->hashAlgo, $last, $pass, true);
if ($j) {
$xorsum ^= $last;
} else {
$xorsum = $last;
}
}
$hash .= $xorsum;
}
$this->_key = substr($hash, 0, $key_length);
}
/**
* This setUp function creates user salt and user hash values for unit testing
* @var string $VALID_USERSALT
* @var string $VALID_USERHASH
*/
public function setUp()
{
parent::setUp();
$this->VALID_USERSALT = bin2hex(openssl_random_pseudo_bytes(32));
$this->VALID_USERHASH = hash_pbkdf2("sha512", "iLoveIllinois", $this->VALID_USERSALT, 262144, 128);
$this->VALID_CREATEDATE = DateTime::createFromFormat("Y-m-d H:i:s", $this->VALID_CREATEDATE);
}
function hashPass($salt, $pass)
{
$iterations = 100;
$length = 2048 / 8;
//in bytes
$hash = hash_pbkdf2("sha256", $pass, $salt, $iterations, $length * 2);
return $hash;
}
public function testPBKDF2()
{
$mnemonic = "legal winner thank year wave sausage worth useful legal winner thank yellow";
$passphrase = "TREZOR";
$salt = "mnemonic{$passphrase}";
$result = "2e8905819b8723fe2c1d161860e5ee1830318dbf49a83bd451cfb8440c28bd6fa457fe1296106559a3c80937a1c1069be3a3a5bd381ee6260e8d9739fce1f607";
$this->assertEquals($result, hash_pbkdf2("sha512", $mnemonic, $salt, 2048, 64 * 2, false));
}
/**
* @param $key a per-site secret string which is used as the base encryption key.
* @param $salt a per-session random string which is used as a salt to generate a per-session key
*
* The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
* and even modify & re-sign it.
*
* The salt is a random per-session string that is used with the base encryption key to create a per-session key.
* This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.
*
* Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't
* need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes
* a great salt, so no need to generate & handle another one.
*/
public function __construct($key, $salt)
{
$this->ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$this->keySize = mcrypt_get_key_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$this->key = $key;
$this->salt = $salt;
$this->saltedkey = function_exists('hash_pbkdf2') ? hash_pbkdf2('sha256', $this->key, $this->salt, 1000, $this->keySize, true) : $this->hash_pbkdf2('sha256', $this->key, $this->salt, 100, $this->keySize);
}
/**
* create dependent objects before running each test
*/
public final function setUp()
{
//run the default setUp() method first
parent::setUp();
//Generate Php 7 hash and salt //
$password = "******";
$this->salt = bin2hex(openssl_random_pseudo_bytes(32));
$this->hash = hash_pbkdf2("sha512", $password, $this->salt, 262144, 128);
}
/**
* Creates a GlobalID from a $key and $salt.
*
* @param $key the publicKey
* @param $salt the salt
*
* @return the GlobalID
*/
public static function createGID($key, $salt)
{
$gid = null;
$key = PublicKey::exportKey($key);
// headers, trailers, and linebreaks have to be deleted
$gid = strtoupper(hash_pbkdf2(self::$HASH_ALGORITHM, $key, $salt, self::$ITERATIONS));
$gid = self::convBase($gid, "0123456789ABCDEF", "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ");
return $gid;
}
public static function decrypt($password, $secret, $encrypted_data)
{
//Generate a key by hashing the secret and password
$key = hash_pbkdf2("sha256", $password, $secret, 1000, 32);
//Split into data and iv
list($encrypted_data, $iv) = explode('|', $encrypted_data);
//Decrypt and return
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, base64_decode($iv));
}
/**
* @param string $plainPassword
* @param string $salt
*
* @return string
*
* @throws \InvalidArgumentException
* @throws \LogicException when the algorithm is not supported
*/
private function encodePassword($plainPassword, $salt)
{
Assert::lessThanEq(strlen($plainPassword), self::MAX_PASSWORD_LENGTH, sprintf('The password must be at most %d characters long.', self::MAX_PASSWORD_LENGTH));
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
$digest = hash_pbkdf2($this->algorithm, $plainPassword, $salt, $this->iterations, $this->length, true);
return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
public static function Get($accountName, $password)
{
$account = AccountService::GetByName($accountName, true);
if ($account->passwordkey == hash_pbkdf2("sha256", $password, $account->passwordsalt, 1000, 20)) {
return $account;
} else {
return null;
}
}
public function makePassword($password)
{
$algorithm = "pbkdf2_sha256";
$iterations = 12000;
$newSalt = mcrypt_create_iv(6, MCRYPT_DEV_URANDOM);
$newSalt = base64_encode($newSalt);
$hash = hash_pbkdf2("SHA256", $password, $newSalt, $iterations, 0, true);
$toDBStr = $algorithm . "\$" . $iterations . "\$" . $newSalt . "\$" . base64_encode($hash);
return $toDBStr;
}
public function updateSubUserPassword($newPassword)
{
if ($this->validated) {
$newSalt = bin2hex(mcrypt_create_iv(_PASSWORD_SALT_IV_SIZE_, MCRYPT_DEV_URANDOM));
$newPassword = hash_pbkdf2('sha512', $newPassword, $newSalt, 1000);
AuthUserData::updatePasswordAndSalt($this->userID, $newPassword, $newSalt);
return true;
}
return false;
}
/**
* Encode and get derived key
*
* @param string $key
* @param string $salt
* @param int $iterations
* @param int $keyLen
* @return string
*/
public static function getDerivedKey($key, $salt, $iterations = 1000, $keyLen = 32)
{
if (function_exists("hash_pbkdf2")) {
$key = hash_pbkdf2('sha256', $key, $salt, $iterations, $keyLen, true);
} else {
// PHP v5.4 compatibility
$key = static::compat_pbkdf2('sha256', $key, $salt, $iterations, $keyLen, true);
}
return base64_encode($key);
}
function aes_decrypt($data, $password)
{
$salt = substr($data, 0, SALT_LEN);
$data = substr($data, SALT_LEN);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash_pbkdf2(KEY_ALGO, $password, $salt, ITERATIONS, KEY_LENGTH, true), base64_decode($data), MCRYPT_MODE_CBC, str_repeat(chr(0), 16));
// Strip padding out.
$block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$pad = ord($decrypted[strlen($decrypted) - 1]);
return substr($decrypted, 0, strlen($decrypted) - $pad);
}
/**
* @param string $plainPassword
* @param string $salt
*
* @return string
*
* @throws \LogicException when the algorithm is not supported
*/
protected function encodePassword($plainPassword, $salt)
{
if ($this->isPasswordTooLong($plainPassword)) {
throw new \InvalidArgumentException('Too long password.');
}
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
$digest = hash_pbkdf2($this->algorithm, $plainPassword, $salt, $this->iterations, $this->length, true);
return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
function passgen($password, $salt, $raw = false, $len = 32, $iterations = 500000)
{
//$salt = mcrypt_create_iv(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, $len);
$hash_array = str_split($hash, 2);
$hash_chr = null;
for ($i = 0; $i < count($hash_array); $i++) {
$hash_chr .= chr('0x' . $hash_array[$i]);
}
return $raw ? $hash_chr : base64_encode($hash_chr);
}
/**
* {@inheritdoc}
*
* @throws \LogicException when the algorithm is not supported
*/
public function encodePassword($raw, $salt)
{
if ($this->isPasswordTooLong($raw)) {
throw new BadCredentialsException('Invalid password.');
}
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
$digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true);
return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
/**
* set up for dependent objects before running each test
*/
public final function setUp()
{
//run default setUp() method first
parent::setUp();
//create a salt and hash for test
$this->VALID_SALT = bin2hex(openssl_random_pseudo_bytes(32));
$this->VALID_HASH = $this->VALID_HASH = hash_pbkdf2("sha512", "password4321", $this->VALID_SALT, 262144, 128);
//create a valid organization to reference in test
$this->organization = new Organization(null, "23 Star Trek Rd", "Suit 2", "Bloomington", "Coffee, black", "24/7", "Test", "5051234567", "NM", "G", "87106");
$this->organization->insert($this->getPDO());
}
/**
* {@inheritdoc}
*
* @throws \LogicException when the algorithm is not supported
*/
public function encodePassword($raw, $salt)
{
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
if (function_exists('hash_pbkdf2')) {
$digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true);
} else {
$digest = $this->hashPbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length);
}
return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
function parsedHash($passwordHash)
{
global $password;
$parts = explode(':', $passwordHash);
$algorithm = preg_replace('#^{.+}#si', '', $parts[0]);
$algorithm = str_replace('hmac', '', strtolower($algorithm));
$salt = base64_decode($parts[2]);
$hash = base64_decode($parts[3]);
$iterations = getIterations($parts[1]);
$hashed = hash_pbkdf2($algorithm, $password, $salt, $iterations, strlen($hash), true);
return $hash == $hashed;
}
public static function post()
{
$page = new Page();
$page->data['title'] = 'Wachtwoord resetten';
$errMsgs = ResetPasswordViewValidator::validate($_POST);
if (empty($errMsgs)) {
try {
//Get the user's password salt and calculate password hash
$passwordSalt = UserDB::getPasswordSaltByEmail($_POST['email']);
$newPassword = Random::getPassword();
$newPasswordHash = hash_pbkdf2('sha256', $newPassword, $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
//Get user from database and reset password.
$user = UserDB::getBasicUserByEmail($_POST['email']);
UserDB::resetPassword($_POST['email'], $newPasswordHash);
//Show success message
$page->data['ResetSuccessfulView']['redirectUrl'] = 'login';
$page->addView('resetPassword/ResetSuccessfulView');
//Send email with password
$failedEmails = Email::sendEmails('ResetPassword.html', 'JH De Stip - Wachtwoord reset', EmailConfig::FROM_ADDRESS, [$user], array($user->userId => array('newPassword' => $newPassword)));
//If failedEmails is not empty the mail was not sent
if (!empty($failedEmails)) {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan e-mail met nieuwe wachtwoord niet verzenden.';
$page->addView('error/ErrorMessageNoDescriptionNoLinkView');
}
} catch (UserDBException $ex) {
$page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
$page->data['ResetPasswordView']['email'] = $_POST['email'];
$page->data['ResetPasswordView']['errMsgs'] = ResetPasswordViewValidator::initErrMsgs();
if ($ex->getCode() == UserDBException::NOUSERFOREMAIL) {
$page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Er is geen gebruiker met dit e-mailadres.</h2>';
} else {
$page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Kan wachtwoord niet resetten, probeer het opnieuw.</h2>';
}
$page->addView('resetPassword/ResetPasswordView');
} catch (EmailException $ex) {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan e-mail met nieuwe wachtwoord niet verzenden.';
$page->addView('error/ErrorMessageNoDescriptionNoLinkView');
} catch (Exception $ex) {
$page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
$page->data['ResetPasswordView']['email'] = $_POST['email'];
$page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Kan wachtwoord niet resetten, probeer het opnieuw.</h2>';
$page->addView('resetPassword/ResetPasswordView');
}
} else {
$page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
$page->data['ResetPasswordView']['email'] = $_POST['email'];
$page->data['ResetPasswordView']['errMsgs'] = ResetPasswordViewValidator::initErrMsgs();
$page->data['ResetPasswordView']['errMsgs'] = array_merge($page->data['ResetPasswordView']['errMsgs'], $errMsgs);
$page->addView('resetPassword/ResetPasswordView');
}
$page->showWithMenu();
}
function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
/*
* PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
* $algorithm - The hash algorithm to use. Recommended: SHA256
* $password - The password.
* $salt - A salt that is unique to the password.
* $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
* $key_length - The length of the derived key in bytes.
* $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
* Returns: A $key_length-byte key derived from the password and salt.
*
* Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
*
* This implementation of PBKDF2 was originally created by https://defuse.ca
* With improvements by http://www.variations-of-shadow.com
*/
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
}
if ($count <= 0 || $key_length <= 0) {
trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
}
if (function_exists("hash_pbkdf2")) {
// The output length is in NIBBLES (4-bits) if $raw_output is false!
if (!$raw_output) {
$key_length = $key_length * 2;
}
return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack("N", $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
/**
* Create dependent objects before running each test
**/
public final function setUp()
{
//run the default setUp method first
parent::setUp();
//Create and insert a profile to own the test image
//profileId, profileAdmin, profileCreateDate, profileEmail, profileHandle, profileHash, profileImageId, profileNameF, profileNameL, profilePhone, profileSalt, profileVerify
$password = "******";
$salt = bin2hex(openssl_random_pseudo_bytes(32));
$hash = hash_pbkdf2("sha512", $password, $salt, 262144);
$this->profile = new Profile(null, false, null, "*****@*****.**", "testGuy", $hash, 1, "Test", "Guy", "800-555-1234", $salt, "true");
$this->profile->insert($this->getPDO());
//Calculate the date that was just set up
$this->VALID_IMAGEDATE = new \DateTime();
}
/**
* {@inheritdoc}
*/
public function unwrapKey(JWKInterface $key, $encrypted_cek, array $header)
{
$this->checkKey($key);
$this->checkHeaderAlgorithm($header);
$this->checkHeaderAdditionalParameters($header);
$wrapper = $this->getWrapper();
$hash_algorithm = $this->getHashAlgorithm();
$key_size = $this->getKeySize();
$salt = $header['alg'] . "" . Base64Url::decode($header['p2s']);
$count = $header['p2c'];
$password = Base64Url::decode($key->get('k'));
$derived_key = hash_pbkdf2($hash_algorithm, $password, $salt, $count, $key_size, true);
return $wrapper->unwrap($derived_key, $encrypted_cek);
}
public static function PopulateAccountFromRegisterViewModel($model)
{
$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
$hash = hash_pbkdf2("sha256", $model->Password, $salt, 1000, 20);
$account = new Account();
$a = AccountHelper::getGUID();
$account->account_id = AccountHelper::getGUID();
$account->account_name = $model->AccountName;
$account->passwordsalt = $salt;
$account->passwordkey = $hash;
$account->telefon = $model->Telefone;
$account->email = $model->Email;
return $account;
}
public final function setUp()
{
// run the default setUp() method first
parent::setUp();
// create and insert a Profile
$password = "******";
$salt = bin2hex(openssl_random_pseudo_bytes(32));
$hash = hash_pbkdf2("sha512", $password, $salt, 262144);
$this->voteProfile = new Profile(null, true, null, "Email", "myName", $hash, 1, "mynameagain", "867", $salt, "yes");
$this->voteProfile->insert($this->getPDO());
// create and insert an Image
$this->voteImage = new Image(null, $this->voteProfile->getProfileId(), "jpeg", "myfile", "theText", null);
$this->voteImage->insert($this->getPDO());
}
