From 31d2a8ef05ecd6b3f086230d95c0ae10d4f09474 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 15 Jun 2013 10:09:44 +0200
Subject: [feature/passwords] Add salted md5 (phpBB3 default) and phpass
 drivers

The phpass driver extends the standard salted md5 driver of phpBB3. It will
only support the $P$ prefix that phpass uses.

PHPBB3-11610
---
 phpBB/includes/crypto/driver/phpass.php     |  40 ++++++
 phpBB/includes/crypto/driver/salted_md5.php | 186 ++++++++++++++++++++++++++++
 2 files changed, 226 insertions(+)
 create mode 100644 phpBB/includes/crypto/driver/phpass.php
 create mode 100644 phpBB/includes/crypto/driver/salted_md5.php

(limited to 'phpBB/includes')

diff --git a/phpBB/includes/crypto/driver/phpass.php b/phpBB/includes/crypto/driver/phpass.php
new file mode 100644
index 0000000000..4868464d73
--- /dev/null
+++ b/phpBB/includes/crypto/driver/phpass.php
@@ -0,0 +1,40 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_phpass extends phpbb_crypto_driver_salted_md5
+{
+	const PREFIX = '$P$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+}
diff --git a/phpBB/includes/crypto/driver/salted_md5.php b/phpBB/includes/crypto/driver/salted_md5.php
new file mode 100644
index 0000000000..30b510b8dc
--- /dev/null
+++ b/phpBB/includes/crypto/driver/salted_md5.php
@@ -0,0 +1,186 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
+{
+	protected $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+	const PREFIX = '$H$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function hash($password, $setting = '')
+	{
+		if ($setting != '')
+		{
+			if (($settings = $this->get_hash_settings($setting)) === false)
+			{
+				return false;
+			}
+		}
+		else
+		{
+			if (($settings = $this->get_hash_settings($this->generate_salt())) === false)
+			{
+				return false;
+			}
+		}
+
+		$hash = md5($settings['salt'] . $password, true);
+		do
+		{
+			$hash = md5($hash . $password, true);
+		}
+		while (--$settings['count']);
+
+		$output = $settings['full'];
+		$output .= _hash_encode64($hash, 16, $this->itoa);
+
+		if (strlen($output) == 34)
+		{
+			return $output;
+		}
+
+		// Should we really just return the md5 of the password? O.o
+		return md5($password);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function check($password, $hash)
+	{
+		if (strlen($hash) != 34)
+		{
+			return false;
+		}
+		// No need to check prefix, already did that in manage
+
+		if ($hash === $this->hash($password, $hash))
+		{
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	* Return unique id
+	* @param string $extra additional entropy
+	*/
+	protected function unique_id($extra = 'c')
+	{
+		static $dss_seeded = false;
+
+		$val = $this->config['rand_seed'] . microtime();
+		$val = md5($val);
+		$this->config['rand_seed'] = md5($this->config['rand_seed'] . $val . $extra);
+
+		if ($dss_seeded !== true && ($this->config['rand_seed_last_update'] < time() - rand(1,10)))
+		{
+			set_config('rand_seed_last_update', time(), true);
+			set_config('rand_seed', $this->config['rand_seed'], true);
+			$dss_seeded = true;
+		}
+
+		return substr($val, 4, 16);
+	}
+
+	/**
+	* Generate salt for hashing method
+	*
+	* @return string Salt for hashing method
+	*/
+	protected function generate_salt()
+	{
+		$salt = '';
+		$random = '';
+		$count = 6;
+
+		if (($fh = @fopen('/dev/urandom', 'rb')))
+		{
+			$random = fread($fh, $count);
+			fclose($fh);
+		}
+
+		if (strlen($random) < $count)
+		{
+			$random = '';
+			$random_state = unique_id();
+
+			for ($i = 0; $i < $count; $i += 16)
+			{
+				$random_state = md5(unique_id() . $random_state);
+				$random .= pack('H*', md5($random_state));
+			}
+			$random = substr($random, 0, $count);
+		}
+
+		$salt = '$H$';
+		$salt .= $this->itoa[min($count + 5, 30)];
+		$salt .= _hash_encode64($random, 6, $this->itoa);
+		var_dump($salt);
+
+		return $salt;
+	}
+
+	/**
+	* Get hash settings
+	*
+	* @return array Array containing the count_log2, salt, and full hash
+	*		settings string
+	*/
+	public function get_hash_settings($hash)
+	{
+		if (empty($hash))
+		{
+			return false;
+		}
+		$count_log2 = strpos($this->itoa, $hash[3]);
+		$salt = substr($hash, 4, 8);
+
+		if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
+		{
+			return false;
+		}
+
+		return array(
+			'count'	=> 1 << $count_log2,
+			'salt'	=> $salt,
+			'full'	=> substr($hash, 0, 12),
+		);
+	}
+}
-- 
cgit v1.2.1