OpenXE/phpwf/plugins/class.wawision_otp.php

<?php
/*
**** COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE ****
*
* Xentral (c) Xentral ERP Sorftware GmbH, Fuggerstrasse 11, D-86150 Augsburg, * Germany 2019
*
* This file is licensed under the Embedded Projects General Public License *Version 3.1.
*
* You should have received a copy of this license from your vendor and/or *along with this file; If not, please visit www.wawision.de/Lizenzhinweis
* to obtain the text of the corresponding license version.
*
**** END OF COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE ****
*/
?>
<?php
//include("xtea.class.php");
/*
$serial = "abcdefghijklmNopqrstuvwxyz";
$key = pack('V*', 0x01,0x02,0x03,0x04);
$pad = "4371353838310545596909623831103272086622087173752843453214777855055965572268047010384215";
*/
//print(wawision_pad_verify($pad,$key,$serial));
//print(wawision_pad_verify($pad,$key,$serial));
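/**
 * Creates and verifies numeric one-time pads.
 *
 * A pad is a 24-byte plaintext block, encrypted through the project's XTEA
 * class (defined outside this file) and rendered as a string of decimal digits.
 *
 * Plaintext layout, as built by wawision_pad_create() and read back by
 * wawision_pad_verify():
 *
 *   bytes  0-4   serial[0..4]
 *   bytes  5-6   counter bits 31..16
 *   byte   7     random byte rnd1
 *   bytes  8-12  serial[5..9]
 *   bytes 13-14  counter bits 15..0
 *   byte  15     random byte rnd2
 *   bytes 16-20  serial[10..14]
 *   bytes 21-22  random filler
 *   byte  23     (rnd1 + rnd2) mod 256
 *
 * NOTE(review): the only integrity checks on a decrypted pad are the serial
 * match and the one-byte sum in byte 23; nothing here authenticates the
 * ciphertext. Replay protection is not implemented in this class either: the
 * caller presumably has to reject counters it has already accepted - confirm
 * against the call sites.
 */
class WaWisionOTP
{
    /**
     * Render a string as decimal digits, two digits per input character.
     *
     * Each character is mapped to (ord(char) - ord('+')) and written as a
     * tens digit followed by a ones digit.
     *
     * NOTE(review): the last character of the input is never encoded (the
     * loop stops at strlen - 1). Presumably this drops a trailing character
     * of the XTEA output - confirm before changing it, since pads already
     * issued depend on this exact encoding.
     *
     * @param string $base64 text to encode
     * @return string digit string
     */
    public function wawision_encode($base64)
    {
        $output = "";
        $stop = strlen($base64) - 1;
        for ($i = 0; $i < $stop; $i++) {
            $c = ord($base64[$i]) - ord('+');
            // Explicit truncation: passing the fractional result of $c / 10
            // straight to chr() relies on an implicit float-to-int conversion,
            // which PHP 8.1+ reports as deprecated.
            $output .= chr((int) ($c / 10 + ord('0')));
            $output .= chr($c % 10 + ord('0'));
        }
        return $output;
    }

    /**
     * Reverse wawision_encode(): turn digit pairs back into characters.
     *
     * @param string $input digit string, two digits per output character
     * @return string|false decoded text, or FALSE when the input has an odd
     *                      length or contains anything other than 0-9
     */
    public function wawision_decode($input)
    {
        $length = strlen($input);
        // An odd length cannot be a sequence of digit pairs. Rejecting it up
        // front avoids reading one offset past the end of the string.
        if ($length % 2 !== 0) {
            return FALSE;
        }

        $base64_str = "";
        for ($i = 0; $i < $length; $i += 2) {
            $ten = ord($input[$i]) - ord('0');
            $one = ord($input[$i + 1]) - ord('0');
            /* check if input is valid */
            if ($ten < 0 || $ten > 9 || $one < 0 || $one > 9) {
                return FALSE;
            }
            $base64_str .= chr($ten * 10 + $one + ord("+"));
        }
        return $base64_str;
    }

    /**
     * Decode and decrypt a pad, check it against the serial, return its counter.
     *
     * The return value mixes FALSE (failure) with an integer counter, and a
     * counter of 0 is a valid result, so callers must compare with === FALSE.
     *
     * @param string $pad    digit string as produced by wawision_pad_create()
     * @param mixed  $key    key handed unchanged to the XTEA constructor
     * @param string $serial expected serial; the first 15 characters are compared
     * @return int|false the 32-bit counter stored in the pad, or FALSE when the
     *                   pad cannot be decoded or decrypted, is too short, or
     *                   fails the serial or checksum test
     */
    public function wawision_pad_verify($pad, $key, $serial)
    {
        $cipher = $this->wawision_decode($pad);
        // Rejects a decode failure as well as an empty result.
        if (!$cipher) {
            return FALSE;
        }

        $xtea = new XTEA($key);
        $plain = $xtea->decrypt($cipher);
        if (!$plain) {
            return FALSE;
        }

        // Offsets up to 23 of the plaintext and up to 14 of the serial are read
        // below. Without this guard a short value would be read out of range,
        // and the missing bytes would enter the checks as empty strings / zero.
        if (!is_string($plain) || strlen($plain) < 24) {
            return FALSE;
        }
        if (!is_string($serial) || strlen($serial) < 15) {
            return FALSE;
        }

        /* check serial */
        $embedded = substr($plain, 0, 5) . substr($plain, 8, 5) . substr($plain, 16, 5);
        // hash_equals() compares in constant time, so the time taken does not
        // depend on how many leading serial bytes happened to match.
        if (!hash_equals(substr($serial, 0, 15), $embedded)) {
            return FALSE;
        }

        /* check rnd */
        $rnd1 = ord($plain[7]);
        $rnd2 = ord($plain[15]);
        $rnd12 = ord($plain[23]);
        if (($rnd1 + $rnd2) % 256 !== $rnd12) {
            return FALSE;
        }

        /* extract counter: big-endian, split across bytes 5, 6, 13 and 14 */
        $counter = (ord($plain[5]) << 24)
            | (ord($plain[6]) << 16)
            | (ord($plain[13]) << 8)
            | ord($plain[14]);

        /* success */
        return $counter;
    }

    /**
     * Build a pad for the given serial and counter.
     *
     * @param mixed  $key     key handed unchanged to the XTEA constructor
     * @param string $serial  serial number; the first 15 characters are embedded
     * @param int    $counter counter value; only the low 32 bits are stored
     * @return string|false digit-encoded pad, or FALSE when $serial is not a
     *                      string of at least 15 characters
     */
    public function wawision_pad_create($key, $serial, $counter)
    {
        // A shorter serial would shift every later field of the block, giving
        // a pad that cannot verify, so it is refused here.
        if (!is_string($serial) || strlen($serial) < 15) {
            return FALSE;
        }

        // random_int() draws from the system CSPRNG. rand() is a predictable
        // generator and is not suited to values placed in a one-time pad.
        $rnd1 = random_int(0, 255);
        $rnd2 = random_int(0, 255);

        // Every value passed to chr() is masked to one byte. chr() already
        // reduces its argument modulo 256, so the bytes are unchanged, but the
        // mask keeps the call within the documented 0..255 range.

        /* 1st block */
        $plain = substr($serial, 0, 5);
        $plain .= chr(($counter >> 24) & 0xFF);
        $plain .= chr(($counter >> 16) & 0xFF);
        $plain .= chr($rnd1);

        /* 2nd block */
        $plain .= substr($serial, 5, 5);
        $plain .= chr(($counter >> 8) & 0xFF);
        $plain .= chr($counter & 0xFF);
        $plain .= chr($rnd2);

        /* 3rd block */
        $plain .= substr($serial, 10, 5);
        $plain .= chr(random_int(0, 255));
        $plain .= chr(random_int(0, 255));
        // Check byte that wawision_pad_verify() recomputes from bytes 7 and 15.
        $plain .= chr(($rnd1 + $rnd2) % 256);

        /* encrypt using XTEA CBC (mode as stated by the original comment; the XTEA class is not part of this file) */
        $xtea = new XTEA($key);
        $cipher = $xtea->encrypt($plain);

        /* encode using wawision_encode */
        return $this->wawision_encode($cipher);
    }
}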