dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Rename autonym for 'no' from 'norsk bokmål' to 'norsk'"
[lhc/web/wiklou.git] / includes / password / Pbkdf2Password.php
1 <?php
2 /**
3 * Implements the Pbkdf2Password class for the MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * A PBKDF2-hashed password
25 *
26 * This is a computationally complex password hash for use in modern applications.
27 * The number of rounds can be configured by $wgPasswordConfig['pbkdf2']['cost'].
28 *
29 * @since 1.24
30 */
31 class Pbkdf2Password extends ParameterizedPassword {
32 protected function getDefaultParams() {
33 return [
34 'algo' => $this->config['algo'],
35 'rounds' => $this->config['cost'],
36 'length' => $this->config['length']
37 ];
38 }
39
40 protected function getDelimiter() {
41 return ':';
42 }
43
44 protected function shouldUseHashExtension() {
45 return isset( $this->config['use-hash-extension'] ) ?
46 $this->config['use-hash-extension'] : function_exists( 'hash_pbkdf2' );
47 }
48
49 public function crypt( $password ) {
50 if ( count( $this->args ) == 0 ) {
51 $this->args[] = base64_encode( MWCryptRand::generate( 16, true ) );
52 }
53
54 if ( $this->shouldUseHashExtension() ) {
55 $hash = hash_pbkdf2(
56 $this->params['algo'],
57 $password,
58 base64_decode( $this->args[0] ),
59 (int)$this->params['rounds'],
60 (int)$this->params['length'],
61 true
62 );
63 if ( !is_string( $hash ) ) {
64 throw new PasswordError( 'Error when hashing password.' );
65 }
66 } else {
67 $hashLenHash = hash( $this->params['algo'], '', true );
68 if ( !is_string( $hashLenHash ) ) {
69 throw new PasswordError( 'Error when hashing password.' );
70 }
71 $hashLen = strlen( $hashLenHash );
72 $blockCount = ceil( $this->params['length'] / $hashLen );
73
74 $hash = '';
75 $salt = base64_decode( $this->args[0] );
76 for ( $i = 1; $i <= $blockCount; ++$i ) {
77 $roundTotal = $lastRound = hash_hmac(
78 $this->params['algo'],
79 $salt . pack( 'N', $i ),
80 $password,
81 true
82 );
83
84 for ( $j = 1; $j < $this->params['rounds']; ++$j ) {
85 $lastRound = hash_hmac( $this->params['algo'], $lastRound, $password, true );
86 $roundTotal ^= $lastRound;
87 }
88
89 $hash .= $roundTotal;
90 }
91
92 $hash = substr( $hash, 0, $this->params['length'] );
93 }
94
95 $this->hash = base64_encode( $hash );
96 }
97 }
Wiklou, le Wiki du Wiklou