MediaWiki REL1_32
Pbkdf2Password.php
Go to the documentation of this file.
1<?php
31class Pbkdf2Password extends ParameterizedPassword {
32 protected function getDefaultParams() {
33 return [
34 'algo' => $this->config['algo'],
35 'rounds' => $this->config['cost'],
36 'length' => $this->config['length']
37 ];
38 }
39
40 protected function getDelimiter() {
41 return ':';
42 }
43
44 protected function shouldUseHashExtension() {
45 return $this->config['use-hash-extension'] ?? function_exists( 'hash_pbkdf2' );
46 }
47
48 public function crypt( $password ) {
49 if ( count( $this->args ) == 0 ) {
50 $this->args[] = base64_encode( random_bytes( 16 ) );
51 }
52
53 if ( $this->shouldUseHashExtension() ) {
54 $hash = hash_pbkdf2(
55 $this->params['algo'],
56 $password,
57 base64_decode( $this->args[0] ),
58 (int)$this->params['rounds'],
59 (int)$this->params['length'],
60 true
61 );
62 if ( !is_string( $hash ) ) {
63 throw new PasswordError( 'Error when hashing password.' );
64 }
65 } else {
66 $hashLenHash = hash( $this->params['algo'], '', true );
67 if ( !is_string( $hashLenHash ) ) {
68 throw new PasswordError( 'Error when hashing password.' );
69 }
70 $hashLen = strlen( $hashLenHash );
71 $blockCount = ceil( $this->params['length'] / $hashLen );
72
73 $hash = '';
74 $salt = base64_decode( $this->args[0] );
75 for ( $i = 1; $i <= $blockCount; ++$i ) {
76 $roundTotal = $lastRound = hash_hmac(
77 $this->params['algo'],
78 $salt . pack( 'N', $i ),
79 $password,
80 true
81 );
82
83 for ( $j = 1; $j < $this->params['rounds']; ++$j ) {
84 $lastRound = hash_hmac( $this->params['algo'], $lastRound, $password, true );
85 $roundTotal ^= $lastRound;
86 }
87
88 $hash .= $roundTotal;
89 }
90
91 $hash = substr( $hash, 0, $this->params['length'] );
92 }
93
94 $this->hash = base64_encode( $hash );
95 }
96}
ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition ParameterizedPassword.php:38
PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26
Password\$hash
string $hash
String representation of the hash without the type.
Definition Password.php:76
Pbkdf2Password
A PBKDF2-hashed password.
Definition Pbkdf2Password.php:31
Pbkdf2Password\crypt
crypt( $password)
Hash a password and store the result in this object.
Definition Pbkdf2Password.php:48
Pbkdf2Password\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition Pbkdf2Password.php:32
Pbkdf2Password\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition Pbkdf2Password.php:40