MediaWiki REL1_31
Pbkdf2Password.php
Go to the documentation of this file.
1<?php
31class Pbkdf2Password extends ParameterizedPassword {
32 protected function getDefaultParams() {
33 return [
34 'algo' => $this->config['algo'],
35 'rounds' => $this->config['cost'],
36 'length' => $this->config['length']
37 ];
38 }
39
40 protected function getDelimiter() {
41 return ':';
42 }
43
44 protected function shouldUseHashExtension() {
45 return isset( $this->config['use-hash-extension'] ) ?
46 $this->config['use-hash-extension'] : function_exists( 'hash_pbkdf2' );
47 }
48
49 public function crypt( $password ) {
50 if ( count( $this->args ) == 0 ) {
51 $this->args[] = base64_encode( MWCryptRand::generate( 16, true ) );
52 }
53
54 if ( $this->shouldUseHashExtension() ) {
55 $hash = hash_pbkdf2(
56 $this->params['algo'],
57 $password,
58 base64_decode( $this->args[0] ),
59 (int)$this->params['rounds'],
60 (int)$this->params['length'],
61 true
62 );
63 if ( !is_string( $hash ) ) {
64 throw new PasswordError( 'Error when hashing password.' );
65 }
66 } else {
67 $hashLenHash = hash( $this->params['algo'], '', true );
68 if ( !is_string( $hashLenHash ) ) {
69 throw new PasswordError( 'Error when hashing password.' );
70 }
71 $hashLen = strlen( $hashLenHash );
72 $blockCount = ceil( $this->params['length'] / $hashLen );
73
74 $hash = '';
75 $salt = base64_decode( $this->args[0] );
76 for ( $i = 1; $i <= $blockCount; ++$i ) {
77 $roundTotal = $lastRound = hash_hmac(
78 $this->params['algo'],
79 $salt . pack( 'N', $i ),
80 $password,
81 true
82 );
83
84 for ( $j = 1; $j < $this->params['rounds']; ++$j ) {
85 $lastRound = hash_hmac( $this->params['algo'], $lastRound, $password, true );
86 $roundTotal ^= $lastRound;
87 }
88
89 $hash .= $roundTotal;
90 }
91
92 $hash = substr( $hash, 0, $this->params['length'] );
93 }
94
95 $this->hash = base64_encode( $hash );
96 }
97}
MWCryptRand\generate
static generate( $bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form.
Definition MWCryptRand.php:60
ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition ParameterizedPassword.php:38
PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26
Password\$hash
string $hash
String representation of the hash without the type.
Definition Password.php:76
Pbkdf2Password
A PBKDF2-hashed password.
Definition Pbkdf2Password.php:31
Pbkdf2Password\crypt
crypt( $password)
Hash a password and store the result in this object.
Definition Pbkdf2Password.php:49
Pbkdf2Password\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition Pbkdf2Password.php:32
Pbkdf2Password\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition Pbkdf2Password.php:40