Merge pull request #18 from SignpostMarv/update-implementation/hidden…

…-string adding HiddenString support
paragonie · May 13, 2019 · c062ccb · c062ccb
2 parents 169bd6a + 1e65215
commit c062ccb
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 14 deletions.
diff --git a/composer.json b/composer.json
@@ -34,7 +34,8 @@
   "require": {
     "php": "^7",
     "bacon/bacon-qr-code": "^1",
-    "paragonie/constant_time_encoding": "^2"
+    "paragonie/constant_time_encoding": "^2",
+    "paragonie/hidden-string": "^1"
   },
   "require-dev": {
     "phpunit/phpunit": "^6",

diff --git a/src/OTP/HOTP.php b/src/OTP/HOTP.php
@@ -6,6 +6,7 @@
     Binary,
     Hex
 };
+use ParagonIE\HiddenString\HiddenString;
 
 /**
  * Class HOTP
@@ -41,13 +42,13 @@ public function __construct(
      * Generate a HOTP secret in accordance with RFC 4226
      *
      * @ref https://tools.ietf.org/html/rfc4226
-     * @param string $sharedSecret The key to use for determining the HOTP
+     * @param string|HiddenString $sharedSecret The key to use for determining the HOTP
      * @param int $counterValue    Current time or HOTP counter
      * @return string
      * @throws \OutOfRangeException
      */
     public function getCode(
-        string $sharedSecret,
+        $sharedSecret,
         int $counterValue
     ): string {
         if ($this->length < 1 || $this->length > 10) {
@@ -56,7 +57,7 @@ public function getCode(
             );
         }
         $msg = $this->getTValue($counterValue, true);
-        $bytes = \hash_hmac($this->algo, $msg, $sharedSecret, true);
+        $bytes = \hash_hmac($this->algo, $msg, is_string($sharedSecret) ? $sharedSecret : $sharedSecret->getString(), true);
 
         $byteLen = Binary::safeStrlen($bytes);
 

diff --git a/src/OTP/OTPInterface.php b/src/OTP/OTPInterface.php
@@ -2,6 +2,8 @@
 declare(strict_types=1);
 namespace ParagonIE\MultiFactor\OTP;
 
+use ParagonIE\HiddenString\HiddenString;
+
 /**
  * Interface OTPInterface
  * @package ParagonIE\MultiFactor\OTP
@@ -11,13 +13,13 @@ interface OTPInterface
     /**
      * Get the code we need
      *
-     * @param string $sharedSecret The key to use for determining the TOTP
+     * @param string|HiddenString $sharedSecret The key to use for determining the TOTP
      * @param int $counterValue    Current time or HOTP counter
      * @return string
      * @throws \OutOfRangeException
      */
     public function getCode(
-        string $sharedSecret,
+        $sharedSecret,
         int $counterValue
     ): string;
 

diff --git a/src/OTP/TOTP.php b/src/OTP/TOTP.php
@@ -6,6 +6,7 @@
     Binary,
     Hex
 };
+use ParagonIE\HiddenString\HiddenString;
 
 /**
  * Class TOTP
@@ -57,13 +58,13 @@ public function __construct(
      * Generate a TOTP secret in accordance with RFC 6238
      *
      * @ref https://tools.ietf.org/html/rfc6238
-     * @param string $sharedSecret The key to use for determining the TOTP
+     * @param string|HiddenString $sharedSecret The key to use for determining the TOTP
      * @param int $counterValue    Current time or HOTP counter
      * @return string
      * @throws \OutOfRangeException
      */
     public function getCode(
-        string $sharedSecret,
+        $sharedSecret,
         int $counterValue
     ): string {
         if ($this->length < 1 || $this->length > 10) {
@@ -72,7 +73,7 @@ public function getCode(
             );
         }
         $msg = $this->getTValue($counterValue, true);
-        $bytes = \hash_hmac($this->algo, $msg, $sharedSecret, true);
+        $bytes = \hash_hmac($this->algo, $msg, is_string($sharedSecret) ? $sharedSecret : $sharedSecret->getString(), true);
 
         $byteLen = Binary::safeStrlen($bytes);
 

diff --git a/src/OneTime.php b/src/OneTime.php
@@ -6,6 +6,7 @@
     OTPInterface,
     TOTP
 };
+use ParagonIE\HiddenString\HiddenString;
 
 /**
  * Class OneTime
@@ -20,21 +21,21 @@ class OneTime implements MultiFactorInterface
     protected $otp;
 
     /**
-     * @var string
+     * @var HiddenString
      */
     protected $secretKey;
 
     /**
      * FIDOU2F constructor.
      *
-     * @param string $secretKey
+     * @param string|HiddenString $secretKey
      * @param OTPInterface $otp
      */
     public function __construct(
-        string $secretKey = '',
+        $secretKey = '',
         OTPInterface $otp = null
     ) {
-        $this->secretKey = $secretKey;
+        $this->secretKey = ($secretKey instanceof HiddenString) ? $secretKey : new HiddenString($secretKey);
         if (!$otp) {
             $otp = new TOTP();
         }

diff --git a/src/Vendor/GoogleAuth.php b/src/Vendor/GoogleAuth.php
@@ -71,7 +71,7 @@ public function makeQRCode(
         }
         $message .= \urlencode($username);
         $args = [
-            'secret' => Base32::encode($this->secretKey)
+            'secret' => Base32::encode($this->secretKey->getString())
         ];
         if ($issuer) {
             $args['issuer'] = $issuer;