mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 06:08:52 +00:00
[feature/passwords] Use common salt generation function for all types
We will be using the same method inside the driver helper class for all hash types. This is the same function that has been used for the salted md5 hash of phpBB 3.0. PHPBB3-11610
This commit is contained in:
Marc Alexander
parent
5574b2a8e9
commit
3f70699aa3
3 changed files with 47 additions and 31 deletions
|
|
@ -81,6 +81,6 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
|
|||
*/
|
||||
protected function get_random_salt()
|
||||
{
|
||||
return substr(str_replace('+', '.', bin2hex(openssl_random_pseudo_bytes(22))), 0, 22);
|
||||
return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,12 @@ class phpbb_crypto_driver_helper
|
|||
/** @var phpbb_config */
|
||||
protected $driver;
|
||||
|
||||
/**
|
||||
* base64 alphabet
|
||||
* @var string
|
||||
*/
|
||||
public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
||||
|
||||
/**
|
||||
* Constructor of crypto driver helper object
|
||||
*/
|
||||
|
|
@ -36,11 +42,10 @@ class phpbb_crypto_driver_helper
|
|||
*
|
||||
* @param string $input Input string
|
||||
* @param int $count Input string length
|
||||
* @param string $itoa64 Allowed characters string
|
||||
*
|
||||
* @return string base64 encoded string
|
||||
*/
|
||||
public function hash_encode64($input, $count, &$itoa64)
|
||||
public function hash_encode64($input, $count)
|
||||
{
|
||||
$output = '';
|
||||
$i = 0;
|
||||
|
|
@ -48,14 +53,14 @@ class phpbb_crypto_driver_helper
|
|||
do
|
||||
{
|
||||
$value = ord($input[$i++]);
|
||||
$output .= $itoa64[$value & 0x3f];
|
||||
$output .= $this->itoa64[$value & 0x3f];
|
||||
|
||||
if ($i < $count)
|
||||
{
|
||||
$value |= ord($input[$i]) << 8;
|
||||
}
|
||||
|
||||
$output .= $itoa64[($value >> 6) & 0x3f];
|
||||
$output .= $this->itoa64[($value >> 6) & 0x3f];
|
||||
|
||||
if ($i++ >= $count)
|
||||
{
|
||||
|
|
@ -67,14 +72,14 @@ class phpbb_crypto_driver_helper
|
|||
$value |= ord($input[$i]) << 16;
|
||||
}
|
||||
|
||||
$output .= $itoa64[($value >> 12) & 0x3f];
|
||||
$output .= $this->itoa64[($value >> 12) & 0x3f];
|
||||
|
||||
if ($i++ >= $count)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
$output .= $itoa64[($value >> 18) & 0x3f];
|
||||
$output .= $this->itoa64[($value >> 18) & 0x3f];
|
||||
}
|
||||
while ($i < $count);
|
||||
|
||||
|
|
@ -105,4 +110,34 @@ class phpbb_crypto_driver_helper
|
|||
|
||||
return substr($val, 4, 16);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get random salt with specified length
|
||||
*
|
||||
* @param int $length Salt length
|
||||
*/
|
||||
public function get_random_salt($length)
|
||||
{
|
||||
$random = '';
|
||||
|
||||
if (($fh = @fopen('/dev/urandom', 'rb')))
|
||||
{
|
||||
$random = fread($fh, $length);
|
||||
fclose($fh);
|
||||
}
|
||||
|
||||
if (strlen($random) < $length)
|
||||
{
|
||||
$random = '';
|
||||
$random_state = $this->helper->unique_id();
|
||||
|
||||
for ($i = 0; $i < $length; $i += 16)
|
||||
{
|
||||
$random_state = md5($this->helper->unique_id() . $random_state);
|
||||
$random .= pack('H*', md5($random_state));
|
||||
}
|
||||
$random = substr($random, 0, $length);
|
||||
}
|
||||
return $random;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,8 +20,6 @@ if (!defined('IN_PHPBB'))
|
|||
*/
|
||||
class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
|
||||
{
|
||||
protected $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
||||
|
||||
const PREFIX = '$H$';
|
||||
|
||||
/**
|
||||
|
|
@ -68,7 +66,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
|
|||
while (--$settings['count']);
|
||||
|
||||
$output = $settings['full'];
|
||||
$output .= $this->helper->hash_encode64($hash, 16, $this->itoa);
|
||||
$output .= $this->helper->hash_encode64($hash, 16);
|
||||
|
||||
if (strlen($output) == 34)
|
||||
{
|
||||
|
|
@ -108,28 +106,11 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
|
|||
$random = '';
|
||||
$count = 6;
|
||||
|
||||
if (($fh = @fopen('/dev/urandom', 'rb')))
|
||||
{
|
||||
$random = fread($fh, $count);
|
||||
fclose($fh);
|
||||
}
|
||||
|
||||
if (strlen($random) < $count)
|
||||
{
|
||||
$random = '';
|
||||
$random_state = $this->helper->unique_id();
|
||||
|
||||
for ($i = 0; $i < $count; $i += 16)
|
||||
{
|
||||
$random_state = md5($this->helper->unique_id() . $random_state);
|
||||
$random .= pack('H*', md5($random_state));
|
||||
}
|
||||
$random = substr($random, 0, $count);
|
||||
}
|
||||
$random = $this->helper->get_random_salt($count);
|
||||
|
||||
$salt = '$H$';
|
||||
$salt .= $this->itoa[min($count + 5, 30)];
|
||||
$salt .= $this->helper->hash_encode64($random, 6, $this->itoa);
|
||||
$salt .= $this->helper->itoa64[min($count + 5, 30)];
|
||||
$salt .= $this->helper->hash_encode64($random, $count);
|
||||
|
||||
return $salt;
|
||||
}
|
||||
|
|
@ -146,7 +127,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
|
|||
{
|
||||
return false;
|
||||
}
|
||||
$count_log2 = strpos($this->itoa, $hash[3]);
|
||||
$count_log2 = strpos($this->helper->itoa64, $hash[3]);
|
||||
$salt = substr($hash, 4, 8);
|
||||
|
||||
if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue