Forked from SpaHost/SCRAM-SHA-1 Validator for XMPP Prosody
Created
March 15, 2016 23:45
-
-
Save cagonza6/f1e4597309868d5a5f09 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// SCRAM-SHA-1 Validator PHP | |
// | |
// PHP 5.5.0 or greater required | |
// | |
// Lorenzo J. Gonzalez | |
// A.k.a: SpaHost | |
// Xmpp: djyxa@spahost.es | |
// | |
// Thanks to prosody@conference.prosody.im for helping me and repeat everytime this and this: | |
// - http://tools.ietf.org/html/rfc5802 | |
// - https://www.zash.se/scram.dia.png | |
// HMAC-SHA-1 Implementation from http://es1.php.net/hash_hmac (josefkoh at hotmail dot com) | |
function hmac_sha1($key, $data) { | |
// Adjust key to exactly 64 bytes | |
if (strlen($key) > 64) { | |
$key = str_pad(sha1($key, true), 64, chr(0)); | |
} | |
if (strlen($key) < 64) { | |
$key = str_pad($key, 64, chr(0)); | |
} | |
// Outter and Inner pad | |
$opad = str_repeat(chr(0x5C), 64); | |
$ipad = str_repeat(chr(0x36), 64); | |
// Xor key with opad & ipad | |
for ($i = 0; $i < strlen($key); $i++) { | |
$opad[$i] = $opad[$i] ^ $key[$i]; | |
$ipad[$i] = $ipad[$i] ^ $key[$i]; | |
} | |
return sha1($opad.sha1($ipad.$data, true)); | |
} | |
$plain_password = 'example_password'; | |
$internal_salt = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'; // SQL->accounts->salt->string | |
$internal_iteration = '4096'; // SQL->accounts-iteration_count->number | |
$internal_server_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->server_key->string | |
$internal_stored_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->stored_key->string | |
// Lets do the magic | |
$new_salted_password = hash_pbkdf2('sha1', $plain_password , $internal_salt, $internal_iteration, 0, true); | |
$new_server_key = hmac_sha1($new_salted_password, 'Server Key'); | |
$new_client_key = hmac_sha1($new_salted_password, 'Client Key'); | |
$new_stored_key = sha1(hex2bin($new_client_key)); | |
// Check it | |
if ($new_server_key == $internal_server_key){ | |
echo 'Valid Server Key'; | |
} else { | |
echo 'Try Again'; | |
} | |
if ($new_stored_key == $internal_stored_key){ | |
echo 'Valid Stored Key'; | |
} else { | |
echo 'Try Again'; | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment