makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/passwords] Use common salt generation function for all types

Browse source 
We will be using the same method inside the driver helper class for all hash
types. This is the same function that has been used for the salted md5 hash
of phpBB 3.0.

PHPBB3-11610
This commit is contained in:
Marc Alexander 2013-06-15 16:25:03 +02:00
parent 5574b2a8e9
commit 3f70699aa3
3 changed files with 47 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/crypto/driver/bcrypt.php
View file

@ -81,6 +81,6 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
*/ */
protected function get_random_salt() protected function get_random_salt()
{ {
return substr(str_replace('+', '.', bin2hex(openssl_random_pseudo_bytes(22))), 0, 22); return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
} }
} }

47
phpBB/includes/crypto/driver/helper.php
View file

@ -23,6 +23,12 @@ class phpbb_crypto_driver_helper
/** @var phpbb_config */ /** @var phpbb_config */
protected $driver; protected $driver;
/**
* base64 alphabet
* @var string
*/
public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
/** /**
* Constructor of crypto driver helper object * Constructor of crypto driver helper object
*/ */
@ -36,11 +42,10 @@ class phpbb_crypto_driver_helper
* *
* @param string $input Input string * @param string $input Input string
* @param int $count Input string length * @param int $count Input string length
* @param string $itoa64 Allowed characters string
* *
* @return string base64 encoded string * @return string base64 encoded string
*/ */
public function hash_encode64($input, $count, &$itoa64) public function hash_encode64($input, $count)
{ {
$output = ''; $output = '';
$i = 0; $i = 0;
@ -48,14 +53,14 @@ class phpbb_crypto_driver_helper
do do
{ {
$value = ord($input[$i++]); $value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f]; $output .= $this->itoa64[$value & 0x3f];
if ($i < $count) if ($i < $count)
{ {
$value |= ord($input[$i]) << 8; $value |= ord($input[$i]) << 8;
} }
$output .= $itoa64[($value >> 6) & 0x3f]; $output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) if ($i++ >= $count)
{ {
@ -67,14 +72,14 @@ class phpbb_crypto_driver_helper
$value |= ord($input[$i]) << 16; $value |= ord($input[$i]) << 16;
} }
$output .= $itoa64[($value >> 12) & 0x3f]; $output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) if ($i++ >= $count)
{ {
break; break;
} }
$output .= $itoa64[($value >> 18) & 0x3f]; $output .= $this->itoa64[($value >> 18) & 0x3f];
} }
while ($i < $count); while ($i < $count);
@ -105,4 +110,34 @@ class phpbb_crypto_driver_helper
return substr($val, 4, 16); return substr($val, 4, 16);
} }
/**
* Get random salt with specified length
*
* @param int $length Salt length
*/
public function get_random_salt($length)
{
$random = '';
if (($fh = @fopen('/dev/urandom', 'rb')))
{
$random = fread($fh, $length);
fclose($fh);
}
if (strlen($random) < $length)
{
$random = '';
$random_state = $this->helper->unique_id();
for ($i = 0; $i < $length; $i += 16)
{
$random_state = md5($this->helper->unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $length);
}
return $random;
}
} }

29
phpBB/includes/crypto/driver/salted_md5.php
View file

@ -20,8 +20,6 @@ if (!defined('IN_PHPBB'))
*/ */
class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
{ {
protected $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const PREFIX = '$H$'; const PREFIX = '$H$';
/** /**
@ -68,7 +66,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
while (--$settings['count']); while (--$settings['count']);
$output = $settings['full']; $output = $settings['full'];
$output .= $this->helper->hash_encode64($hash, 16, $this->itoa); $output .= $this->helper->hash_encode64($hash, 16);
if (strlen($output) == 34) if (strlen($output) == 34)
{ {
@ -108,28 +106,11 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
$random = ''; $random = '';
$count = 6; $count = 6;
if (($fh = @fopen('/dev/urandom', 'rb'))) $random = $this->helper->get_random_salt($count);
{
$random = fread($fh, $count);
fclose($fh);
}
if (strlen($random) < $count)
{
$random = '';
$random_state = $this->helper->unique_id();
for ($i = 0; $i < $count; $i += 16)
{
$random_state = md5($this->helper->unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $count);
}
$salt = '$H$'; $salt = '$H$';
$salt .= $this->itoa[min($count + 5, 30)]; $salt .= $this->helper->itoa64[min($count + 5, 30)];
$salt .= $this->helper->hash_encode64($random, 6, $this->itoa); $salt .= $this->helper->hash_encode64($random, $count);
return $salt; return $salt;
} }
@ -146,7 +127,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
{ {
return false; return false;
} }
$count_log2 = strpos($this->itoa, $hash[3]); $count_log2 = strpos($this->helper->itoa64, $hash[3]);
$salt = substr($hash, 4, 8); $salt = substr($hash, 4, 8);
if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8) if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)