1: <?php
2:
3: /*
4: * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
5: * Copyright (c) 2013, Taylor Hornby
6: * All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions are met:
10: *
11: * 1. Redistributions of source code must retain the above copyright notice,
12: * this list of conditions and the following disclaimer.
13: *
14: * 2. Redistributions in binary form must reproduce the above copyright notice,
15: * this list of conditions and the following disclaimer in the documentation
16: * and/or other materials provided with the distribution.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22: * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28: * POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: class PasswordUtil {
32:
33: // These constants may be changed without breaking existing hashes.
34: CONST PBKDF2_HASH_ALGORITHM = "sha256";
35: CONST PBKDF2_ITERATIONS = 32768;
36: CONST PBKDF2_SALT_BYTES = 24;
37: CONST PBKDF2_HASH_BYTES = 24;
38: //Hash format information, changing will break old hashes
39: CONST HASH_SECTIONS = 4;
40: CONST HASH_ALGORITHM_INDEX = 0;
41: CONST HASH_ITERATION_INDEX = 1;
42: CONST HASH_SALT_INDEX = 2;
43: CONST HASH_PBKDF2_INDEX = 3;
44:
45: public static function createHash($password) {
46: // format: algorithm:iterations:salt:hash
47: $salt = self::createSalt();
48: return self::PBKDF2_HASH_ALGORITHM . ":" . self::PBKDF2_ITERATIONS . ":" . $salt . ":" .
49: base64_encode(self::pbkdf2(
50: self::PBKDF2_HASH_ALGORITHM, $password, $salt, self::PBKDF2_ITERATIONS, self::PBKDF2_HASH_BYTES, true
51: ));
52: }
53:
54: public static function validatePassword($password, $good_hash) {
55: $params = explode(":", $good_hash);
56: if (count($params) < self::HASH_SECTIONS){
57: return false;
58: }
59: $pbkdf2 = base64_decode($params[self::HASH_PBKDF2_INDEX]);
60: return self::slowEquals(
61: $pbkdf2, self::pbkdf2(
62: $params[self::HASH_ALGORITHM_INDEX], $password, $params[self::HASH_SALT_INDEX], (int) $params[self::HASH_ITERATION_INDEX], strlen($pbkdf2), true
63: )
64: );
65: }
66:
67: // Compares two strings $a and $b in length-constant time.
68: public static function slowEquals($a, $b) {
69: if(!is_string($a) || !is_string($b)){
70: return false;
71: }
72: $diff = strlen($a) ^ strlen($b);
73: for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
74: $diff |= ord($a[$i]) ^ ord($b[$i]);
75: }
76: return $diff === 0;
77: }
78:
79: /*
80: * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
81: * $algorithm - The hash algorithm to use. Recommended: SHA256
82: * $password - The password.
83: * $salt - A salt that is unique to the password.
84: * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
85: * $key_length - The length of the derived key in bytes.
86: * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
87: * Returns: A $key_length-byte key derived from the password and salt.
88: *
89: * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
90: *
91: * This implementation of PBKDF2 was originally created by https://defuse.ca
92: * With improvements by http://www.variations-of-shadow.com
93: */
94:
95: public static function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) {
96: $algorithm = strtolower($algorithm);
97: if (!in_array($algorithm, hash_algos(), true)) {
98: throw new CException('PBKDF2 ERROR: Invalid hash algorithm.', 500);
99: }
100: if ($count <= 0 || $key_length <= 0) {
101: throw new CException('PBKDF2 ERROR: Invalid parameters.', 500);
102: }
103: $hash_length = strlen(hash($algorithm, "", true));
104: $block_count = ceil($key_length / $hash_length);
105: $output = "";
106: for ($i = 1; $i <= $block_count; $i++) {
107: // $i encoded as 4 bytes, big endian.
108: $last = $salt . pack("N", $i);
109: // first iteration
110: $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
111: // perform the other $count - 1 iterations
112: for ($j = 1; $j < $count; $j++) {
113: $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
114: }
115: $output .= $xorsum;
116: }
117: if ($raw_output) {
118: return substr($output, 0, $key_length);
119: } else {
120: return bin2hex(substr($output, 0, $key_length));
121: }
122: }
123:
124: public static function createSalt() {
125: if (function_exists('mcrypt_create_iv')) {
126: return base64_encode(mcrypt_create_iv(self::PBKDF2_SALT_BYTES,
127: MCRYPT_DEV_URANDOM));
128: } elseif (function_exists('openssl_random_pseudo_bytes')) {
129: $random = openssl_random_pseudo_bytes(self::PBKDF2_SALT_BYTES, $strong);
130: if ($strong === true) {
131: return base64_encode($random);
132: }
133: }
134: $sha ='';
135: $random ='';
136: if(file_exists('/dev/urandom')){
137: $fp = @fopen('/dev/urandom', 'rb');
138: if($fp){
139: if (function_exists('stream_set_read_buffer')) {
140: stream_set_read_buffer($fp, 0);
141: }
142: $sha = fread($fp, self::PBKDF2_SALT_BYTES);
143: fclose($fp);
144: }
145: }
146: for ($i = 0; $i < self::PBKDF2_SALT_BYTES; $i++) {
147: $sha = hash('sha256', $sha . mt_rand());
148: $char = mt_rand(0, 62);
149: $random .= chr(hexdec($sha[$char] . $sha[$char + 1]));
150: }
151: return base64_encode($random);
152: }
153:
154: }
155: