public static function authenticate($user, $server, $success_url, $fail_url) { // Return error if any required parameter is missing if (!isset($user['random']) || !isset($user['public_key']) || !isset($user['md5']) || !isset($user['sha']) || !isset($server['pre_master_secret']) || !isset($server['random'])) { return false; } $user['public_key'] = TrustAuth::fix_key($user['public_key']); // Load the key into the engine $rsa = new Crypt_RSA(); $rsa->loadKey($user['public_key']); $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); // Decrypt the hashes from the client $user_md5 = bin2hex($rsa->decrypt(pack('H*', $user['md5']))); $user_sha = bin2hex($rsa->decrypt(pack('H*', $user['sha']))); // Generate the master secret $master_secret = TrustAuth::get_master_secret($server['pre_master_secret'], $user['random'], $server['random']); $transmitted_messages = TrustAuth::get_transmitted_messages($user['random'], $master_secret, $server['random']); // Calculate the expected hashes from the client $md5_hash = TrustAuth::get_md5_hash($master_secret, $user['random'], $server['random'], $transmitted_messages); $sha_hash = TrustAuth::get_sha_hash($master_secret, $user['random'], $server['random'], $transmitted_messages); // If the hashes match then set the successful login session secret if ($md5_hash === $user_md5 && $sha_hash === $user_sha) { return array('status' => true, 'json' => json_encode(array('url' => $success_url, 'status' => TrustAuth::$status['logged_in']))); } else { return array('status' => false, 'json' => json_encode(array('url' => $fail_url, 'status' => TrustAuth::$status['auth_fail'], 'error' => 'Failed to authenticate.'))); } }