/** * Compute an HMAC/SHA1 hash. * * @access private * @param string $key The HMAC key * @param string $text The message text to hash * @return string $mac The MAC */ function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); return $hmac; }
/** * Compute an HMAC/SHA1 hash. * * @access private * @param string $key The HMAC key * @param string $text The message text to hash * @return string $mac The MAC */ function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } if (function_exists('hash_hmac') && function_exists('hash_algos') && in_array('sha1', hash_algos())) { return hash_hmac('sha1', $text, $key, true); } // Home-made solution $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); return $hmac; }
/** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security * of the tokens generated by the library, this class attempts to * at least have a secure implementation of getAuthKey. * * When you create an instance of this class, pass in a secret * phrase. The phrase is hashed with sha1 to make it the correct * length and form for an auth key. That allows you to use a long * string as the secret phrase, which means you can make it very * difficult to guess. * * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * * @param string secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function Auth_OpenID_DumbStore($secret_phrase) { $this->auth_key = Auth_OpenID_SHA1($secret_phrase); }
function xorSecret($composite, $secret) { $dh_shared = $this->getSharedSecret($composite); $dh_shared_str = $this->lib->longToBinary($dh_shared); $sha1_dh_shared = Auth_OpenID_SHA1($dh_shared_str); $xsecret = ""; for ($i = 0; $i < strlen($secret); $i++) { $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i])); } return $xsecret; }
/** * @access private */ function _safe64($str) { $h64 = base64_encode(Auth_OpenID_SHA1($str)); $h64 = str_replace('+', '_', $h64); $h64 = str_replace('/', '.', $h64); $h64 = str_replace('=', '', $h64); return $h64; }
/** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security * of the tokens generated by the library, this class attempts to * at least have a secure implementation of getAuthKey. * * When you create an instance of this class, pass in a secret * phrase. The phrase is hashed with sha1 to make it the correct * length and form for an auth key. That allows you to use a long * string as the secret phrase, which means you can make it very * difficult to guess. * * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * * @param string secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function __construct($secret_phrase) { $this->auth_key = Auth_OpenID_SHA1($secret_phrase); }
/** * Return a hashed form of the user's password */ function hashPassword($password) { return bin2hex(Auth_OpenID_SHA1($password)); }