
PHP Cross Reference of MediaWiki-1.24.0


/includes/password/ -> BcryptPassword.php (source)

   1  <?php
   2  /**
   3   * Implements the BcryptPassword class for the MediaWiki software.
   4   *
   5   * This program is free software; you can redistribute it and/or modify
   6   * it under the terms of the GNU General Public License as published by
   7   * the Free Software Foundation; either version 2 of the License, or
   8   * (at your option) any later version.
   9   *
  10   * This program is distributed in the hope that it will be useful,
  11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13   * GNU General Public License for more details.
  14   *
  15   * You should have received a copy of the GNU General Public License along
  16   * with this program; if not, write to the Free Software Foundation, Inc.,
  17   * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18   * http://www.gnu.org/copyleft/gpl.html
  19   *
  20   * @file
  21   */
  22  
  23  /**
  24   * A Bcrypt-hashed password
  25   *
  26   * This is a computationally complex password hash for use in modern applications.
  27   * The number of rounds can be configured by $wgPasswordConfig['bcrypt']['cost'].
  28   *
  29   * @since 1.24
  30   */
  31  class BcryptPassword extends ParameterizedPassword {
  32  	protected function getDefaultParams() {
  33          return array(
  34              'rounds' => $this->config['cost'],
  35          );
  36      }
  37  
  38  	protected function getDelimiter() {
  39          return '$';
  40      }
  41  
  42  	protected function parseHash( $hash ) {
  43          parent::parseHash( $hash );
  44  
  45          $this->params['rounds'] = (int)$this->params['rounds'];
  46      }
  47  
  48      /**
  49       * @param string $password Password to encrypt
  50       *
  51       * @throws PasswordError If bcrypt has an unknown error
  52       * @throws MWException If bcrypt is not supported by PHP
  53       */
  54  	public function crypt( $password ) {
  55          if ( !defined( 'CRYPT_BLOWFISH' ) ) {
  56              throw new MWException( 'Bcrypt is not supported.' );
  57          }
  58  
  59          // Either use existing hash or make a new salt
  60          // Bcrypt expects 22 characters of base64-encoded salt
  61          // Note: bcrypt does not use MIME base64. It uses its own base64 without any '=' padding.
  62          //       It expects a 128 bit salt, so it will ignore anything after the first 128 bits
  63          if ( !isset( $this->args[0] ) ) {
  64              $this->args[] = substr(
  65                  // Replace + with ., because bcrypt uses a non-MIME base64 format
  66                  strtr(
  67                      // Random base64 encoded string
  68                      base64_encode( MWCryptRand::generate( 16, true ) ),
  69                      '+', '.'
  70                  ),
  71                  0, 22
  72              );
  73          }
  74  
  75          $hash = crypt( $password,
  76              sprintf( '$2y$%02d$%s', (int)$this->params['rounds'], $this->args[0] ) );
  77  
  78          if ( !is_string( $hash ) || strlen( $hash ) <= 13 ) {
  79              throw new PasswordError( 'Error when hashing password.' );
  80          }
  81  
  82          // Strip the $2y$
  83          $parts = explode( $this->getDelimiter(), substr( $hash, 4 ) );
  84          $this->params['rounds'] = (int)$parts[0];
  85          $this->args[0] = substr( $parts[1], 0, 22 );
  86          $this->hash = substr( $parts[1], 22 );
  87      }
  88  }

