Mercurial > hg > marc_php

diff marcus.php @ 3:5c8c4fa95803 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added support for transfer chaining and some bugfixes
author Ivo Smits <Ivo@UCIS.nl>
date Mon, 17 Nov 2014 01:19:05 +0100
parents caa68b502313
children c642254dc9ee
line wrap: on
line diff
--- a/marcus.php	Fri Nov 14 00:08:24 2014 +0100
+++ b/marcus.php	Mon Nov 17 01:19:05 2014 +0100
@@ -81,8 +81,7 @@
 					break;
 				case 'USE':
 					$key = array('store' => FALSE, 'pk' => $resource['key']);
-					if (isset($resource['value']['seckey'])) $key['sk'] = $resource['value']['seckey'];
-					if (isset($resource['value']['seckeyenc'])) $key['locked'] = $resource['value']['seckeyenc'];
+					if (isset($resource['value']['seckey'])) $key['locked'] = $resource['value']['seckey'];
 					break;
 				case 'IMPORT':
 					$key = array('store' => FALSE);
@@ -91,10 +90,13 @@
 					break;
 				case 'UNLOCK':
 					if (!isset($key['locked'])) throw new Exception('The key is not locked');
-					$ret = hash('sha512', $key['pk'].$argv[$argi++], TRUE);
-					$key['sk'] = '';
-					for ($i = 0; $i < 32; $i++) $key['sk'] .= chr(ord($key['locked'][$i]) ^ ord($ret[$i]));
-					$ret = nacl_crypto_sign_ed25519_keypair($key['sk'], $key['sk']);
+					if (!is_array($key['locked']) || !isset($key['locked']['key'])) throw new Exception('The locked key is invalid');
+					$rounds = isset($key['locked']['rounds']) ? intval($key['locked']['rounds']) : 0;
+					$ret = str_repeat(chr(0), 64);
+					for ($i = 0; $i < $rounds; $i++) $ret = hash('sha512', $ret.$argv[$argi].$key['pk'], TRUE);
+					$argi++;
+					$ret = substr($key['locked'] ^ $ret, 0, 32);
+					$ret = nacl_crypto_sign_ed25519_keypair($key['sk'], $ret);
 					if ($ret != $key['pk']) throw new Exception('Key password is not valid');
 					echo 'Unlocked public key '.bin2hex($key['pk'])."\n";
 					break;
@@ -138,9 +140,11 @@
 					break;
 				case 'PWAUTH':
 					if (!isset($key['sk'])) throw new Exception('The key is not available');
-					$ret = hash('sha512', $key['pk'].$argv[$argi++], TRUE);
-					$key['locked'] = '';
-					for ($i = 0; $i < 32; $i++) $key['locked'] .= chr(ord($key['sk'][$i]) ^ ord($ret[$i]));
+					$rounds = 5000;
+					$ret = str_repeat(chr(0), 64);
+					for ($i = 0; $i < $rounds; $i++) $ret = hash('sha512', $ret.$argv[$argi].$key['pk'], TRUE);
+					$argi++;
+					$key['locked'] = array('rounds' => $rounds, 'key' => substr($key['sk'] ^ $hash, 0, 32));
 					if (!isset($resource['value']) || !is_array($resource['value'])) $resource['value'] = array();
 					$resource['value']['seckeyenc'] = $key['locked'];
 					$reschanged = TRUE;