コード例 #1
ファイル: Association.php プロジェクト: markwu/simpleid
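  /**
   * Creates an association for OpenID versions 1 and 2.
   *
   * This function calls {@link DiffieHellman::associateAsServer()} where required, to
   * generate the cryptographic values required for an association response.
   *
   * The association handle is a fresh random id and the MAC key is made of
   * as many random bytes as the chosen association type requires.
   *
   * @param mixed $mode self::ASSOCIATION_SHARED or self::ASSOCIATION_PRIVATE
   * @param string $assoc_type a valid OpenID association type
   * @throws \InvalidArgumentException if $assoc_type is not one of the types
   * returned by {@link getAssociationTypes()}
   * @link http://openid.net/specs/openid-authentication-1_1.html#anchor14, http://openid.net/specs/openid-authentication-2_0.html#anchor20
   */
  function __construct($mode = self::ASSOCIATION_SHARED, $assoc_type = 'HMAC-SHA1')
  {
      $assoc_types = self::getAssociationTypes();

      // An unknown association type would otherwise give a null MAC size and
      // therefore an empty MAC key; reject it before any key material is made.
      if (!isset($assoc_types[$assoc_type]['mac_size'])) {
          throw new \InvalidArgumentException('Unknown association type: ' . $assoc_type);
      }

      $rand = new Random();
      $this->assoc_handle = $rand->id();
      $this->assoc_type = $assoc_type;

      // MAC key length is dictated by the association type (e.g. 20 bytes for HMAC-SHA1).
      $mac_size = $assoc_types[$assoc_type]['mac_size'];
      $this->mac_key = base64_encode($rand->bytes($mac_size));
      $this->created = time();

      if ($mode == self::ASSOCIATION_PRIVATE) {
          $this->private = true;
      }
  }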
コード例 #2
ファイル: OpaqueIdentifier.php プロジェクト: J0s3f/simpleid
  /**
   * Gets the site-specific key for generating identifiers.
   *
   * If the key does not exist, 16 random bytes are generated, stored
   * base64-encoded under the 'opaque-token' setting, and returned.
   *
   * NOTE(review): the stored value is decoded with non-strict base64_decode,
   * so a corrupted setting is not detected here.
   *
   * @return string site-specific key as a binary string
   */
  private static function getOpaqueToken()
  {
      $store = StoreManager::instance();
      $stored = $store->getSetting('opaque-token');

      // Existing key: it is persisted base64-encoded, hand back the raw bytes.
      if ($stored != NULL) {
          return base64_decode($stored);
      }

      // First use: mint the key and persist it for subsequent calls.
      $rand = new Random();
      $generated = $rand->bytes(16);
      $store->setSetting('opaque-token', base64_encode($generated));
      return $generated;
  }
コード例 #3
ファイル: Token.php プロジェクト: J0s3f/simpleid
  /**
   * Gets the site-specific encryption and signing key.
   *
   * If the key does not exist, 32 random bytes are generated, base64url
   * encoded and persisted under the 'oauth-fernet' setting.
   *
   * @return string the site-specific encryption and signing key
   * as a base64url encoded string
   */
  protected static function getKey()
  {
      $store = StoreManager::instance();
      $existing = $store->getSetting('oauth-fernet');
      if ($existing != NULL) {
          return $existing;
      }

      // Nothing stored yet: mint a fresh 256-bit key and persist it.
      $rand = new Random();
      $fresh = Fernet::base64url_encode($rand->bytes(32));
      $store->setSetting('oauth-fernet', $fresh);
      return $fresh;
  }
コード例 #4
  /**
  * Displays the page used to set up login verification using one-time
  * passwords.
  *
  * Handles three cases on the same route: POST op=Disable removes the
  * user's OTP configuration, POST op=Verify checks a code against the
  * parameters carried in the submitted 'otp_params' token and enables
  * login verification on success, and any other request generates a fresh
  * TOTP secret and renders the setup page.
  *
  * NOTE(review): in this listing the bodies of the if statements at
  * "if (!$auth->isLoggedIn())" and "if (isset($user['otp']))" are not
  * shown; consult the source file for what they do.
  */
 public function setup()
     $auth = AuthManager::instance();
     $store = StoreManager::instance();
     $user = $auth->getUser();
     $tpl = new \Template();
     $token = new SecurityToken();
     // Require HTTPS, redirect if necessary
     // (the page shows the raw TOTP secret, so it must not travel in clear).
     $this->checkHttps('redirect', true);
     if (!$auth->isLoggedIn()) {
     if ($this->f3->get('POST.op') == $this->t('Disable')) {
         // The 'tk' token (purpose 'otp', session-bound when generated below)
         // protects this state change against cross-site request forgery.
         if ($this->f3->exists('POST.tk') === false || !$token->verify($this->f3->get('POST.tk'), 'otp')) {
             $this->f3->set('message', $this->t('SimpleID detected a potential security attack.  Please try again.'));
             $this->f3->mock('GET /my/dashboard');
         if (isset($user['otp'])) {
         $this->f3->set('message', $this->t('Login verification has been disabled.'));
         $this->f3->mock('GET /my/dashboard');
     } elseif ($this->f3->get('POST.op') == $this->t('Verify')) {
         // The OTP parameters (including the secret) round-trip through the
         // client inside a SecurityToken; presumably getPayload() only returns
         // them when the token is intact and bound to this session — confirm.
         $params = $token->getPayload($this->f3->get('POST.otp_params'));
         $this->f3->set('otp_params', $this->f3->get('POST.otp_params'));
         if ($this->f3->exists('POST.tk') === false || !$token->verify($this->f3->get('POST.tk'), 'otp')) {
             $this->f3->set('message', $this->t('SimpleID detected a potential security attack.  Please try again.'));
         } elseif ($this->f3->exists('POST.otp') === false || $this->f3->get('POST.otp') == '') {
             $this->f3->set('message', $this->t('You need to enter the verification code to complete enabling login verification.'));
         // The third argument (10) is passed straight to verifyOTP(); its meaning
         // (presumably an acceptance window) is defined there — check that contract.
         } elseif ($this->verifyOTP($params, $this->f3->get('POST.otp'), 10) === false) {
             $this->f3->set('message', $this->t('The verification code is not correct.'));
         } else {
             $user['otp'] = $params;
             $this->f3->set('message', $this->t('Login verification has been enabled.'));
             $this->f3->mock('GET /my/dashboard');
     // On a failed Verify the code falls through and re-renders the page with
     // the same $params, so the user can retry with the same secret.
     } else {
         // Fresh TOTP parameters: 10 random bytes (80 bits) of shared secret.
         // NOTE(review): RFC 4226 requires a shared secret of at least 128 bits
         // (160 recommended); raising this also changes the 16-character
         // padding below, which assumes a 10-byte secret.
         $rand = new Random();
         $params = array('type' => 'totp', 'secret' => $rand->bytes(10), 'algorithm' => 'sha1', 'digits' => 6, 'period' => 30, 'drift' => 0, 'remember' => array());
         $this->f3->set('otp_params', $token->generate($params, SecurityToken::OPTION_BIND_SESSION));
     // Base32-encode the secret for the authenticator app: BigNum renders it in
     // base 32 with digits 0-9a-v, which strtr maps onto the RFC 4648 alphabet.
     $secret = new BigNum($params['secret'], 256);
     $code = strtr($secret->val(32), '0123456789abcdefghijklmnopqrstuv', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567');
     // The numeric conversion drops leading zeros; 'A' is base32 zero, and
     // 10 bytes always encode to exactly 16 characters.
     $code = str_repeat('A', 16 - strlen($code)) . $code;
     // Expose the key in 4-character groups (secret1, secret5, ...) for display.
     for ($i = 0; $i < strlen($code); $i += 4) {
         $this->f3->set('secret' . ($i + 1), substr($code, $i, 4));
     $url = 'otpauth://totp/SimpleID?secret=' . $code . '&digits=' . $params['digits'] . '&period=' . $params['period'];
     // NOTE(review): addslashes() is not a context-aware escape; if the template
     // embeds 'qr' in JavaScript, json_encode() would be the appropriate escaping.
     $this->f3->set('qr', addslashes($url));
     $this->f3->set('about_otp', $this->t('Login verification adds an extra layer of protection to your account. When enabled, you will need to enter an additional security code whenever you log into SimpleID.'));
     $this->f3->set('otp_warning', $this->t('<strong>WARNING:</strong> If you enable login verification and lose your authenticator app, you will need to <a href="!url">edit your identity file manually</a> before you can log in again.', array('!url' => 'http://simpleid.koinic.net/docs/2/common_problems/#otp')));
     $this->f3->set('setup_otp', $this->t('To set up login verification, following these steps.'));
     $this->f3->set('download_app', $this->t('Download an authenticator app that supports TOTP for your smartphone, such as Google Authenticator.'));
     // The otpauth URL (which carries the secret) is placed in an href here;
     // escaping of the '!url' placeholder is the responsibility of t().
     $this->f3->set('add_account', $this->t('Add your SimpleID account to authenticator app using this key.  If you are viewing this page on your smartphone you can use <a href="!url">this link</a> or scan the QR code to add your account.', array('!url' => $url)));
     $this->f3->set('verify_code', $this->t('To check that your account has been added properly, enter the verification code from your phone into the box below, and click Verify.'));
     // Session-bound anti-CSRF token checked by the Disable and Verify branches above.
     $this->f3->set('tk', $token->generate('otp', SecurityToken::OPTION_BIND_SESSION));
     $this->f3->set('otp_label', $this->t('Verification code:'));
     $this->f3->set('submit_button', $this->t('Verify'));
     $this->f3->set('page_class', 'dialog-page');
     $this->f3->set('title', $this->t('Login Verification'));
     // Ask the layout to refuse rendering inside a frame (the page shows a secret).
     $this->f3->set('framekiller', true);
     $this->f3->set('layout', 'auth_otp_setup.html');
     print $tpl->render('page.html');
コード例 #5
ファイル: DiffieHellman.php プロジェクト: J0s3f/simpleid
  /**
  * Generates a random integer, which will be used to derive a private key
  * for Diffie-Hellman key exchange.  The integer must be less than $stop
  *
  * Uses rejection sampling: random values below $duplicate (the size of the
  * incomplete copy of [0, $stop) at the top of the byte range) are discarded,
  * so that the final modular reduction is uniform over [0, $stop).
  *
  * @param BigNum $stop a prime number as a bignum
  * @return BigNum the random integer as a bignum
  */
 private function generateRandom($stop)
     // NOTE(review): this is a plain local, so it is empty on every call and the
     // lookup below never hits; a `static` local was presumably intended.
     $duplicate_cache = array();
     $rand = new Random();
     // Used as the key for the duplicate cache
     $rbytes = $stop->val(256);
     if (array_key_exists($rbytes, $duplicate_cache)) {
         list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
     } else {
         // NOTE(review): as rendered, this compares the first byte with the empty
         // string, which never matches; the source presumably tests for a leading
         // NUL ("\x00") byte that this listing does not display — confirm.
         if ($rbytes[0] == "") {
             $nbytes = strlen($rbytes) - 1;
         } else {
             $nbytes = strlen($rbytes);
         // $mxrand = 256^$nbytes, one past the largest value $nbytes bytes can hold.
         $mxrand = new BigNum(256);
         $mxrand = $mxrand->pow(new BigNum($nbytes));
         // If we get a number less than this, then it is in the
         // duplicated range.
         $duplicate = $mxrand->mod($stop);
         // Bound the cache size before adding a new entry.
         if (count($duplicate_cache) > 10) {
             $duplicate_cache = array();
         $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
     do {
         // NOTE(review): the "" prefix is presumably a "\x00" byte lost in
         // rendering, forcing BigNum to read the bytes as a non-negative value.
         $bytes = "" . $rand->bytes($nbytes);
         $n = new BigNum($bytes, 256);
         // Keep looping if this value is in the low duplicated range
     } while ($n->cmp($duplicate) < 0);
     return $n->mod($stop);
コード例 #6
ファイル: SecurityToken.php プロジェクト: J0s3f/simpleid
  /**
   * Gets the site-specific encryption and signing key.
   *
   * If the key does not exist, 32 random bytes are generated, base64url
   * encoded and persisted under the 'site-token' setting before being returned.
   *
   * @return string the site-specific encryption and signing key
   * as a base64url encoded string
   */
  private static function getSiteToken()
  {
      $store = StoreManager::instance();
      $site_token = $store->getSetting('site-token');
      $missing = (NULL == $site_token);

      if ($missing) {
          // First use: derive the key from 256 bits of randomness and persist it.
          $rand = new Random();
          $site_token = Fernet::base64url_encode($rand->bytes(32));
          $store->setSetting('site-token', $site_token);
      }

      return $site_token;
  }