[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Implements the Pbkdf2Password class for the MediaWiki software.
   4   *
   5   * This program is free software; you can redistribute it and/or modify
   6   * it under the terms of the GNU General Public License as published by
   7   * the Free Software Foundation; either version 2 of the License, or
   8   * (at your option) any later version.
   9   *
  10   * This program is distributed in the hope that it will be useful,
  11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13   * GNU General Public License for more details.
  14   *
  15   * You should have received a copy of the GNU General Public License along
  16   * with this program; if not, write to the Free Software Foundation, Inc.,
  17   * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18   * http://www.gnu.org/copyleft/gpl.html
  19   *
  20   * @file
  21   */
  22  
  23  /**
  24   * A PBKDF2-hashed password
  25   *
  26   * This is a computationally complex password hash for use in modern applications.
  27   * The number of rounds can be configured by $wgPasswordConfig['pbkdf2']['cost'].
  28   *
  29   * @since 1.24
  30   */
  31  class Pbkdf2Password extends ParameterizedPassword {
  32  	protected function getDefaultParams() {
  33          return array(
  34              'algo' => $this->config['algo'],
  35              'rounds' => $this->config['cost'],
  36              'length' => $this->config['length']
  37          );
  38      }
  39  
  40  	protected function getDelimiter() {
  41          return ':';
  42      }
  43  
  44  	public function crypt( $password ) {
  45          if ( count( $this->args ) == 0 ) {
  46              $this->args[] = base64_encode( MWCryptRand::generate( 16, true ) );
  47          }
  48  
  49          if ( function_exists( 'hash_pbkdf2' ) ) {
  50              $hash = hash_pbkdf2(
  51                  $this->params['algo'],
  52                  $password,
  53                  base64_decode( $this->args[0] ),
  54                  (int)$this->params['rounds'],
  55                  (int)$this->params['length'],
  56                  true
  57              );
  58          } else {
  59              $hashLen = strlen( hash( $this->params['algo'], '', true ) );
  60              $blockCount = ceil( $this->params['length'] / $hashLen );
  61  
  62              $hash = '';
  63              $salt = base64_decode( $this->args[0] );
  64              for ( $i = 1; $i <= $blockCount; ++$i ) {
  65                  $roundTotal = $lastRound = hash_hmac(
  66                      $this->params['algo'],
  67                      $salt . pack( 'N', $i ),
  68                      $password,
  69                      true
  70                  );
  71  
  72                  for ( $j = 1; $j < $this->params['rounds']; ++$j ) {
  73                      $lastRound = hash_hmac( $this->params['algo'], $lastRound, $password, true );
  74                      $roundTotal ^= $lastRound;
  75                  }
  76  
  77                  $hash .= $roundTotal;
  78              }
  79  
  80              $hash = substr( $hash, 0, $this->params['length'] );
  81          }
  82  
  83          $this->hash = base64_encode( $hash );
  84      }
  85  }