SpaHost · March 20, 2017 07:41 · DjYXA · Sep 27, 2015
diff --git a/SCRAM-SHA-1 Validator for XMPP Prosody b/SCRAM-SHA-1 Validator for XMPP Prosody
 <?php
 // SCRAM-SHA-1 Validator PHP
 //
 // PHP 5.5.0 or greater required
 //
 // Lorenzo J. Gonzalez
 // A.k.a: SpaHost
 // Xmpp: [email protected]
 //
 // Thanks to [email protected] for helping me and repeat everytime this and this:
 //  - http://tools.ietf.org/html/rfc5802
 //  - https://www.zash.se/scram.dia.png

 // HMAC-SHA-1 Implementation from http://es1.php.net/hash_hmac (josefkoh at hotmail dot com)
 function hmac_sha1($key, $data) {
    // Adjust key to exactly 64 bytes
    if (strlen($key) > 64) {
        $key = str_pad(sha1($key, true), 64, chr(0));
    }
    if (strlen($key) < 64) {
        $key = str_pad($key, 64, chr(0));
    }

    // Outter and Inner pad
    $opad = str_repeat(chr(0x5C), 64);
    $ipad = str_repeat(chr(0x36), 64);

    // Xor key with opad & ipad
    for ($i = 0; $i < strlen($key); $i++) {
        $opad[$i] = $opad[$i] ^ $key[$i];
        $ipad[$i] = $ipad[$i] ^ $key[$i];
    }

    return sha1($opad.sha1($ipad.$data, true));
 }

 $plain_password = 'example_password';
 $internal_salt = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'; // SQL->accounts->salt->string
 $internal_iteration = '4096'; // SQL->accounts-iteration_count->number
 $internal_server_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->server_key->string
 $internal_stored_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->stored_key->string

 // Lets do the magic
 $new_salted_password = hash_pbkdf2('sha1', $plain_password , $internal_salt, $internal_iteration, 0, true);
 $new_server_key = hmac_sha1($new_salted_password, 'Server Key');
 $new_client_key = hmac_sha1($new_salted_password, 'Client Key');
 $new_stored_key = sha1(hex2bin($new_client_key));

 // Check it
 if ($new_server_key == $internal_server_key){
    echo 'Valid Server Key';
 } else {
    echo 'Try Again';
 }

 if ($new_stored_key == $internal_stored_key){
    echo 'Valid Stored Key';
 } else {
    echo 'Try Again';
 }

 ?>
	<?php
	// SCRAM-SHA-1 Validator PHP
	//
	// PHP 5.5.0 or greater required
	//
	// Lorenzo J. Gonzalez
	// A.k.a: SpaHost
	// Xmpp: [email protected]
	//
	// Thanks to [email protected] for helping me and repeat everytime this and this:
	// - http://tools.ietf.org/html/rfc5802
	// - https://www.zash.se/scram.dia.png

	// HMAC-SHA-1 Implementation from http://es1.php.net/hash_hmac (josefkoh at hotmail dot com)
	function hmac_sha1($key, $data) {
	// Adjust key to exactly 64 bytes
	if (strlen($key) > 64) {
	$key = str_pad(sha1($key, true), 64, chr(0));
	}
	if (strlen($key) < 64) {
	$key = str_pad($key, 64, chr(0));
	}

	// Outter and Inner pad
	$opad = str_repeat(chr(0x5C), 64);
	$ipad = str_repeat(chr(0x36), 64);

	// Xor key with opad & ipad
	for ($i = 0; $i < strlen($key); $i++) {
	$opad[$i] = $opad[$i] ^ $key[$i];
	$ipad[$i] = $ipad[$i] ^ $key[$i];
	}

	return sha1($opad.sha1($ipad.$data, true));
	}

	$plain_password = 'example_password';
	$internal_salt = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'; // SQL->accounts->salt->string
	$internal_iteration = '4096'; // SQL->accounts-iteration_count->number
	$internal_server_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->server_key->string
	$internal_stored_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // SQL->accounts->stored_key->string

	// Lets do the magic
	$new_salted_password = hash_pbkdf2('sha1', $plain_password , $internal_salt, $internal_iteration, 0, true);
	$new_server_key = hmac_sha1($new_salted_password, 'Server Key');
	$new_client_key = hmac_sha1($new_salted_password, 'Client Key');
	$new_stored_key = sha1(hex2bin($new_client_key));

	// Check it
	if ($new_server_key == $internal_server_key){
	echo 'Valid Server Key';
	} else {
	echo 'Try Again';
	}

	if ($new_stored_key == $internal_stored_key){
	echo 'Valid Stored Key';
	} else {
	echo 'Try Again';
	}

	?>