authorMarc Alexander <admin@m-a-styles.de>2013-06-15 16:25:03 +0200
committerMarc Alexander <admin@m-a-styles.de>2013-09-14 13:52:43 +0200
commit3f70699aa378cce091c441bb4c06c38866ff10a9 (patch)
tree6686b1f4d90d1d7633524848fe536743e6b9cb75
parent5574b2a8e995b998910689fe7cb5b44c54cff0c7 (diff)
[feature/passwords] Use common salt generation function for all types
We will be using the same method inside the driver helper class for all hash types. This is the same function that has been used for the salted md5 hash of phpBB 3.0. PHPBB3-11610
-rw-r--r--phpBB/includes/crypto/driver/bcrypt.php2
-rw-r--r--phpBB/includes/crypto/driver/helper.php47
-rw-r--r--phpBB/includes/crypto/driver/salted_md5.php29
3 files changed, 47 insertions, 31 deletions
diff --git a/phpBB/includes/crypto/driver/bcrypt.php b/phpBB/includes/crypto/driver/bcrypt.php
index 82ff2fb844..d98bf8c940 100644
--- a/phpBB/includes/crypto/driver/bcrypt.php
+++ b/phpBB/includes/crypto/driver/bcrypt.php
@@ -81,6 +81,6 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
*/
protected function get_random_salt()
{
- return substr(str_replace('+', '.', bin2hex(openssl_random_pseudo_bytes(22))), 0, 22);
+ return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
}
}
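Review bot: The new return value is longer than the 22-character salt bcrypt expects: the loop in `hash_encode64()` emits four characters per three input bytes, so 22 random bytes come back as 30 characters. Whether the caller truncates the result is not visible in this hunk, so I would request only the bytes that are needed, `return $this->helper->hash_encode64($this->helper->get_random_salt(16), 16);`, which yields exactly 22 characters carrying 128 bits of salt. The docblock above the method starts outside the hunk and should state the returned length and alphabet.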
diff --git a/phpBB/includes/crypto/driver/helper.php b/phpBB/includes/crypto/driver/helper.php
index 2931058629..3eafdf1ecc 100644
--- a/phpBB/includes/crypto/driver/helper.php
+++ b/phpBB/includes/crypto/driver/helper.php
@@ -24,6 +24,12 @@ class phpbb_crypto_driver_helper
protected $driver;
/**
+ * base64 alphabet
+ * @var string
+ */
+ public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+ /**
* Constructor of crypto driver helper object
*/
public function __construct($driver)
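Review bot: `$itoa64` is declared `public`, so any code holding the helper can reassign the alphabet and silently change how every hash and salt is encoded. The value never varies, so a class constant holding the same string would be safer, for example `const ITOA64 = '...';` read as `phpbb_crypto_driver_helper::ITOA64` in the drivers; failing that, keep the property `protected` and expose a getter. The docblock could also say that this is the crypt-style ordering (`./`, digits, upper case, lower case) and not the RFC 4648 base64 alphabet.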
@@ -36,11 +42,10 @@ class phpbb_crypto_driver_helper
*
* @param string $input Input string
* @param int $count Input string length
- * @param string $itoa64 Allowed characters string
*
* @return string base64 encoded string
*/
- public function hash_encode64($input, $count, &$itoa64)
+ public function hash_encode64($input, $count)
{
$output = '';
$i = 0;
@@ -48,14 +53,14 @@ class phpbb_crypto_driver_helper
do
{
$value = ord($input[$i++]);
- $output .= $itoa64[$value & 0x3f];
+ $output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
{
$value |= ord($input[$i]) << 8;
}
- $output .= $itoa64[($value >> 6) & 0x3f];
+ $output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
{
@@ -67,14 +72,14 @@ class phpbb_crypto_driver_helper
$value |= ord($input[$i]) << 16;
}
- $output .= $itoa64[($value >> 12) & 0x3f];
+ $output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
{
break;
}
- $output .= $itoa64[($value >> 18) & 0x3f];
+ $output .= $this->itoa64[($value >> 18) & 0x3f];
}
while ($i < $count);
@@ -105,4 +110,34 @@ class phpbb_crypto_driver_helper
return substr($val, 4, 16);
}
+
+ /**
+ * Get random salt with specified length
+ *
+ * @param int $length Salt length
+ */
+ public function get_random_salt($length)
+ {
+ $random = '';
+
+ if (($fh = @fopen('/dev/urandom', 'rb')))
+ {
+ $random = fread($fh, $length);
+ fclose($fh);
+ }
+
+ if (strlen($random) < $length)
+ {
+ $random = '';
+ $random_state = $this->helper->unique_id();
+
+ for ($i = 0; $i < $length; $i += 16)
+ {
+ $random_state = md5($this->helper->unique_id() . $random_state);
+ $random .= pack('H*', md5($random_state));
+ }
+ $random = substr($random, 0, $length);
+ }
+ return $random;
+ }
}
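Review bot: The fallback branch calls `$this->helper->unique_id()`, but this method now lives in the helper itself and the only property visible on `phpbb_crypto_driver_helper` is `$driver`; unless a `$helper` property is defined outside these hunks, this path fails with a call on a non-object whenever `/dev/urandom` cannot be read. The two calls should probably be `$this->unique_id()` (the context line before the addition looks like the end of that method, to be confirmed). Separately, the bcrypt driver previously drew its salt from `openssl_random_pseudo_bytes()` and now ends up on chained `md5()` output on such systems, so it would be worth trying that function before the md5 loop. The docblock is also missing `@return string`.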
diff --git a/phpBB/includes/crypto/driver/salted_md5.php b/phpBB/includes/crypto/driver/salted_md5.php
index 8e1c8a0d05..1bb7a17afc 100644
--- a/phpBB/includes/crypto/driver/salted_md5.php
+++ b/phpBB/includes/crypto/driver/salted_md5.php
@@ -20,8 +20,6 @@ if (!defined('IN_PHPBB'))
*/
class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
{
- protected $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-
const PREFIX = '$H$';
/**
@@ -68,7 +66,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
while (--$settings['count']);
$output = $settings['full'];
- $output .= $this->helper->hash_encode64($hash, 16, $this->itoa);
+ $output .= $this->helper->hash_encode64($hash, 16);
if (strlen($output) == 34)
{
@@ -108,28 +106,11 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
$random = '';
$count = 6;
- if (($fh = @fopen('/dev/urandom', 'rb')))
- {
- $random = fread($fh, $count);
- fclose($fh);
- }
-
- if (strlen($random) < $count)
- {
- $random = '';
- $random_state = $this->helper->unique_id();
-
- for ($i = 0; $i < $count; $i += 16)
- {
- $random_state = md5($this->helper->unique_id() . $random_state);
- $random .= pack('H*', md5($random_state));
- }
- $random = substr($random, 0, $count);
- }
+ $random = $this->helper->get_random_salt($count);
$salt = '$H$';
- $salt .= $this->itoa[min($count + 5, 30)];
- $salt .= $this->helper->hash_encode64($random, 6, $this->itoa);
+ $salt .= $this->helper->itoa64[min($count + 5, 30)];
+ $salt .= $this->helper->hash_encode64($random, $count);
return $salt;
}
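Review bot: `$count` now drives three things in this hunk: the number of random bytes requested, the length passed to `hash_encode64()`, and, through `min($count + 5, 30)`, the iteration-count character written into the salt. Changing the salt length would therefore silently change the hashing cost; two named variables would make that explicit, for example `$salt_bytes = 6;` and `$count_log2 = 11;`. The `$random = '';` initialisation at the top of the hunk is dead now that it is overwritten by the `get_random_salt()` call before being read. The function begins outside the hunk.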
@@ -146,7 +127,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
{
return false;
}
- $count_log2 = strpos($this->itoa, $hash[3]);
+ $count_log2 = strpos($this->helper->itoa64, $hash[3]);
$salt = substr($hash, 4, 8);
if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)