includes/utils/MWCryptRand.php

   1 <?php
   2 /**
   3  * A cryptographic random generator class used for generating secret keys
   4  *
   5  * This is based in part on Drupal code as well as what we used in our own code
   6  * prior to introduction of this class.
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with this program; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21  * http://www.gnu.org/copyleft/gpl.html
  22  *
  23  * @author Daniel Friesen
  24  * @file
  25  */
  26
  27 class MWCryptRand {
  28
  29         /**
  30          * Generate a run of cryptographically random data and return
  31          * it in hexadecimal string format.
  32          *
  33          * @param int $chars The number of hex chars of random data to generate
  34          * @return string Hexadecimal random data
  35          */
  36         public static function generateHex( $chars ) {
  37                 // hex strings are 2x the length of raw binary so we divide the length in half
  38                 // odd numbers will result in a .5 that leads the generate() being 1 character
  39                 // short, so we use ceil() to ensure that we always have enough bytes
  40                 $bytes = ceil( $chars / 2 );
  41                 // Generate the data and then convert it to a hex string
  42                 $hex = bin2hex( random_bytes( $bytes ) );
  43
  44                 // A bit of paranoia here, the caller asked for a specific length of string
  45                 // here, and it's possible (eg when given an odd number) that we may actually
  46                 // have at least 1 char more than they asked for. Just in case they made this
  47                 // call intending to insert it into a database that does truncation we don't
  48                 // want to give them too much and end up with their database and their live
  49                 // code having two different values because part of what we gave them is truncated
  50                 // hence, we strip out any run of characters longer than what we were asked for.
  51                 return substr( $hex, 0, $chars );
  52         }
  53 }