search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
codestyle adjustments: function argument spacing
[dokuwiki.git] / inc / PassHash.php
blobf8896f6ffcb54d2f83ecc429f9012717a2ba0d31
1 <?php
2 // phpcs:disable PSR1.Methods.CamelCapsMethodName.NotCamelCaps
3
4 namespace dokuwiki;
5
6 /**
7 * Password Hashing Class
8 *
9 * This class implements various mechanisms used to hash passwords
10 *
11 * @author Andreas Gohr <andi@splitbrain.org>
12 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
13 * @license LGPL2
14 */
15 class PassHash {
16 /**
17 * Verifies a cleartext password against a crypted hash
18 *
19 * The method and salt used for the crypted hash is determined automatically,
20 * then the clear text password is crypted using the same method. If both hashs
21 * match true is is returned else false
22 *
23 * @author Andreas Gohr <andi@splitbrain.org>
24 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
25 *
26 * @param string $clear Clear-Text password
27 * @param string $hash Hash to compare against
28 * @return bool
29 */
30 public function verify_hash($clear, $hash) {
31 $method = '';
32 $salt = '';
33 $magic = '';
34
35 //determine the used method and salt
36 if (substr($hash, 0, 2) == 'U$') {
37 // This may be an updated password from user_update_7000(). Such hashes
38 // have 'U' added as the first character and need an extra md5().
39 $hash = substr($hash, 1);
40 $clear = md5($clear);
41 }
42 $len = strlen($hash);
43 if(preg_match('/^\$1\$([^\$]{0,8})\$/', $hash, $m)) {
44 $method = 'smd5';
45 $salt = $m[1];
46 $magic = '1';
47 } elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/', $hash, $m)) {
48 $method = 'apr1';
49 $salt = $m[1];
50 $magic = 'apr1';
51 } elseif(preg_match('/^\$S\$(.{52})$/', $hash, $m)) {
52 $method = 'drupal_sha512';
53 $salt = $m[1];
54 $magic = 'S';
55 } elseif(preg_match('/^\$P\$(.{31})$/', $hash, $m)) {
56 $method = 'pmd5';
57 $salt = $m[1];
58 $magic = 'P';
59 } elseif(preg_match('/^\$H\$(.{31})$/', $hash, $m)) {
60 $method = 'pmd5';
61 $salt = $m[1];
62 $magic = 'H';
63 } elseif(preg_match('/^pbkdf2_(\w+?)\$(\d+)\$(.{12})\$/', $hash, $m)) {
64 $method = 'djangopbkdf2';
65 $magic = ['algo' => $m[1], 'iter' => $m[2]];
66 $salt = $m[3];
67 } elseif(preg_match('/^PBKDF2(SHA\d+)\$(\d+)\$([[:xdigit:]]+)\$([[:xdigit:]]+)$/', $hash, $m)) {
68 $method = 'seafilepbkdf2';
69 $magic = ['algo' => $m[1], 'iter' => $m[2]];
70 $salt = $m[3];
71 } elseif(preg_match('/^sha1\$(.{5})\$/', $hash, $m)) {
72 $method = 'djangosha1';
73 $salt = $m[1];
74 } elseif(preg_match('/^md5\$(.{5})\$/', $hash, $m)) {
75 $method = 'djangomd5';
76 $salt = $m[1];
77 } elseif(preg_match('/^\$2(a|y)\$(.{2})\$/', $hash, $m)) {
78 $method = 'bcrypt';
79 $salt = $hash;
80 } elseif(substr($hash, 0, 6) == '{SSHA}') {
81 $method = 'ssha';
82 $salt = substr(base64_decode(substr($hash, 6)), 20);
83 } elseif(substr($hash, 0, 6) == '{SMD5}') {
84 $method = 'lsmd5';
85 $salt = substr(base64_decode(substr($hash, 6)), 16);
86 } elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m)) {
87 $method = 'mediawiki';
88 $salt = $m[1];
89 } elseif(preg_match('/^\$(5|6)\$(rounds=\d+)?\$?(.+?)\$/', $hash, $m)) {
90 $method = 'sha2';
91 $salt = $m[3];
92 $magic = ['prefix' => $m[1], 'rounds' => $m[2]];
93 } elseif(preg_match('/^\$(argon2id?)/', $hash, $m)) {
94 if(!defined('PASSWORD_'.strtoupper($m[1]))) {
95 throw new \Exception('This PHP installation has no '.strtoupper($m[1]).' support');
96 }
97 return password_verify($clear, $hash);
98 } elseif($len == 32) {
99 $method = 'md5';
100 } elseif($len == 40) {
101 $method = 'sha1';
102 } elseif($len == 16) {
103 $method = 'mysql';
104 } elseif($len == 41 && $hash[0] == '*') {
105 $method = 'my411';
106 } elseif($len == 34) {
107 $method = 'kmd5';
108 $salt = $hash;
109 } else {
110 $method = 'crypt';
111 $salt = substr($hash, 0, 2);
112 }
113
114 //crypt and compare
115 $call = 'hash_'.$method;
116 $newhash = $this->$call($clear, $salt, $magic);
117 if(\hash_equals($newhash, $hash)) {
118 return true;
119 }
120 return false;
121 }
122
123 /**
124 * Create a random salt
125 *
126 * @param int $len The length of the salt
127 * @return string
128 */
129 public function gen_salt($len = 32) {
130 $salt = '';
131 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
132 for($i = 0; $i < $len; $i++) {
133 $salt .= $chars[$this->random(0, 61)];
134 }
135 return $salt;
136 }
137
138 /**
139 * Initialize the passed variable with a salt if needed.
140 *
141 * If $salt is not null, the value is kept, but the lenght restriction is
142 * applied (unless, $cut is false).
143 *
144 * @param string|null &$salt The salt, pass null if you want one generated
145 * @param int $len The length of the salt
146 * @param bool $cut Apply length restriction to existing salt?
147 */
148 public function init_salt(&$salt, $len = 32, $cut = true) {
149 if(is_null($salt)) {
150 $salt = $this->gen_salt($len);
151 $cut = true; // for new hashes we alway apply length restriction
152 }
153 if(strlen($salt) > $len && $cut) $salt = substr($salt, 0, $len);
154 }
155
156 // Password hashing methods follow below
157
158 /**
159 * Password hashing method 'smd5'
160 *
161 * Uses salted MD5 hashs. Salt is 8 bytes long.
162 *
163 * The same mechanism is used by Apache's 'apr1' method. This will
164 * fallback to a implementation in pure PHP if MD5 support is not
165 * available in crypt()
166 *
167 * @author Andreas Gohr <andi@splitbrain.org>
168 * @author <mikey_nich at hotmail dot com>
169 * @link http://php.net/manual/en/function.crypt.php#73619
170 *
171 * @param string $clear The clear text to hash
172 * @param string $salt The salt to use, null for random
173 * @return string Hashed password
174 */
175 public function hash_smd5($clear, $salt = null) {
176 $this->init_salt($salt, 8);
177
178 if(defined('CRYPT_MD5') && CRYPT_MD5 && $salt !== '') {
179 return crypt($clear, '$1$'.$salt.'$');
180 } else {
181 // Fall back to PHP-only implementation
182 return $this->hash_apr1($clear, $salt, '1');
183 }
184 }
185
186 /**
187 * Password hashing method 'lsmd5'
188 *
189 * Uses salted MD5 hashs. Salt is 8 bytes long.
190 *
191 * This is the format used by LDAP.
192 *
193 * @param string $clear The clear text to hash
194 * @param string $salt The salt to use, null for random
195 * @return string Hashed password
196 */
197 public function hash_lsmd5($clear, $salt = null) {
198 $this->init_salt($salt, 8);
199 return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
200 }
201
202 /**
203 * Password hashing method 'apr1'
204 *
205 * Uses salted MD5 hashs. Salt is 8 bytes long.
206 *
207 * This is basically the same as smd1 above, but as used by Apache.
208 *
209 * @author <mikey_nich at hotmail dot com>
210 * @link http://php.net/manual/en/function.crypt.php#73619
211 *
212 * @param string $clear The clear text to hash
213 * @param string $salt The salt to use, null for random
214 * @param string $magic The hash identifier (apr1 or 1)
215 * @return string Hashed password
216 */
217 public function hash_apr1($clear, $salt = null, $magic = 'apr1') {
218 $this->init_salt($salt, 8);
219
220 $len = strlen($clear);
221 $text = $clear.'$'.$magic.'$'.$salt;
222 $bin = pack("H32", md5($clear.$salt.$clear));
223 for($i = $len; $i > 0; $i -= 16) {
224 $text .= substr($bin, 0, min(16, $i));
225 }
226 for($i = $len; $i > 0; $i >>= 1) {
227 $text .= ($i & 1) ? chr(0) : $clear[0];
228 }
229 $bin = pack("H32", md5($text));
230 for($i = 0; $i < 1000; $i++) {
231 $new = ($i & 1) ? $clear : $bin;
232 if($i % 3) $new .= $salt;
233 if($i % 7) $new .= $clear;
234 $new .= ($i & 1) ? $bin : $clear;
235 $bin = pack("H32", md5($new));
236 }
237 $tmp = '';
238 for($i = 0; $i < 5; $i++) {
239 $k = $i + 6;
240 $j = $i + 12;
241 if($j == 16) $j = 5;
242 $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
243 }
244 $tmp = chr(0).chr(0).$bin[11].$tmp;
245 $tmp = strtr(
246 strrev(substr(base64_encode($tmp), 2)),
247 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
248 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
249 );
250 return '$'.$magic.'$'.$salt.'$'.$tmp;
251 }
252
253 /**
254 * Password hashing method 'md5'
255 *
256 * Uses MD5 hashs.
257 *
258 * @param string $clear The clear text to hash
259 * @return string Hashed password
260 */
261 public function hash_md5($clear) {
262 return md5($clear);
263 }
264
265 /**
266 * Password hashing method 'sha1'
267 *
268 * Uses SHA1 hashs.
269 *
270 * @param string $clear The clear text to hash
271 * @return string Hashed password
272 */
273 public function hash_sha1($clear) {
274 return sha1($clear);
275 }
276
277 /**
278 * Password hashing method 'ssha' as used by LDAP
279 *
280 * Uses salted SHA1 hashs. Salt is 4 bytes long.
281 *
282 * @param string $clear The clear text to hash
283 * @param string $salt The salt to use, null for random
284 * @return string Hashed password
285 */
286 public function hash_ssha($clear, $salt = null) {
287 $this->init_salt($salt, 4);
288 return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt);
289 }
290
291 /**
292 * Password hashing method 'crypt'
293 *
294 * Uses salted crypt hashs. Salt is 2 bytes long.
295 *
296 * @param string $clear The clear text to hash
297 * @param string $salt The salt to use, null for random
298 * @return string Hashed password
299 */
300 public function hash_crypt($clear, $salt = null) {
301 $this->init_salt($salt, 2);
302 return crypt($clear, $salt);
303 }
304
305 /**
306 * Password hashing method 'mysql'
307 *
308 * This method was used by old MySQL systems
309 *
310 * @link http://php.net/mysql
311 * @author <soren at byu dot edu>
312 * @param string $clear The clear text to hash
313 * @return string Hashed password
314 */
315 public function hash_mysql($clear) {
316 $nr = 0x50305735;
317 $nr2 = 0x12345671;
318 $add = 7;
319 $charArr = preg_split("//", $clear);
320 foreach($charArr as $char) {
321 if(($char == '') || ($char == ' ') || ($char == '\t')) continue;
322 $charVal = ord($char);
323 $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
324 $nr2 += ($nr2 << 8) ^ $nr;
325 $add += $charVal;
326 }
327 return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
328 }
329
330 /**
331 * Password hashing method 'my411'
332 *
333 * Uses SHA1 hashs. This method is used by MySQL 4.11 and above
334 *
335 * @param string $clear The clear text to hash
336 * @return string Hashed password
337 */
338 public function hash_my411($clear) {
339 return '*'.strtoupper(sha1(pack("H*", sha1($clear))));
340 }
341
342 /**
343 * Password hashing method 'kmd5'
344 *
345 * Uses salted MD5 hashs.
346 *
347 * Salt is 2 bytes long, but stored at position 16, so you need to pass at
348 * least 18 bytes. You can pass the crypted hash as salt.
349 *
350 * @param string $clear The clear text to hash
351 * @param string $salt The salt to use, null for random
352 * @return string Hashed password
353 */
354 public function hash_kmd5($clear, $salt = null) {
355 $this->init_salt($salt);
356
357 $key = substr($salt, 16, 2);
358 $hash1 = strtolower(md5($key.md5($clear)));
359 $hash2 = substr($hash1, 0, 16).$key.substr($hash1, 16);
360 return $hash2;
361 }
362
363 /**
364 * Password stretched hashing wrapper.
365 *
366 * Initial hash is repeatedly rehashed with same password.
367 * Any salted hash algorithm supported by PHP hash() can be used. Salt
368 * is 1+8 bytes long, 1st byte is the iteration count when given. For null
369 * salts $compute is used.
370 *
371 * The actual iteration count is 2 to the power of the given count,
372 * maximum is 30 (-> 2^30 = 1_073_741_824). If a higher one is given,
373 * the function throws an exception.
374 * This iteration count is expected to grow with increasing power of
375 * new computers.
376 *
377 * @author Andreas Gohr <andi@splitbrain.org>
378 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
379 * @link http://www.openwall.com/phpass/
380 *
381 * @param string $algo The hash algorithm to be used
382 * @param string $clear The clear text to hash
383 * @param string $salt The salt to use, null for random
384 * @param string $magic The hash identifier (P or H)
385 * @param int $compute The iteration count for new passwords
386 * @throws \Exception
387 * @return string Hashed password
388 */
389 protected function stretched_hash($algo, $clear, $salt = null, $magic = 'P', $compute = 8) {
390 $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
391 if(is_null($salt)) {
392 $this->init_salt($salt);
393 $salt = $itoa64[$compute].$salt; // prefix iteration count
394 }
395 $iterc = $salt[0]; // pos 0 of salt is log2(iteration count)
396 $iter = strpos($itoa64, $iterc);
397
398 if($iter > 30) {
399 throw new \Exception("Too high iteration count ($iter) in ".
400 self::class.'::'.__FUNCTION__);
401 }
402
403 $iter = 1 << $iter;
404 $salt = substr($salt, 1, 8);
405
406 // iterate
407 $hash = hash($algo, $salt . $clear, TRUE);
408 do {
409 $hash = hash($algo, $hash.$clear, true);
410 } while(--$iter);
411
412 // encode
413 $output = '';
414 $count = strlen($hash);
415 $i = 0;
416 do {
417 $value = ord($hash[$i++]);
418 $output .= $itoa64[$value & 0x3f];
419 if($i < $count)
420 $value |= ord($hash[$i]) << 8;
421 $output .= $itoa64[($value >> 6) & 0x3f];
422 if($i++ >= $count)
423 break;
424 if($i < $count)
425 $value |= ord($hash[$i]) << 16;
426 $output .= $itoa64[($value >> 12) & 0x3f];
427 if($i++ >= $count)
428 break;
429 $output .= $itoa64[($value >> 18) & 0x3f];
430 } while($i < $count);
431
432 return '$'.$magic.'$'.$iterc.$salt.$output;
433 }
434
435 /**
436 * Password hashing method 'pmd5'
437 *
438 * Repeatedly uses salted MD5 hashs. See stretched_hash() for the
439 * details.
440 *
441 *
442 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
443 * @link http://www.openwall.com/phpass/
444 * @see PassHash::stretched_hash() for the implementation details.
445 *
446 * @param string $clear The clear text to hash
447 * @param string $salt The salt to use, null for random
448 * @param string $magic The hash identifier (P or H)
449 * @param int $compute The iteration count for new passwords
450 * @throws Exception
451 * @return string Hashed password
452 */
453 public function hash_pmd5($clear, $salt = null, $magic = 'P', $compute = 8) {
454 return $this->stretched_hash('md5', $clear, $salt, $magic, $compute);
455 }
456
457 /**
458 * Password hashing method 'drupal_sha512'
459 *
460 * Implements Drupal salted sha512 hashs. Drupal truncates the hash at 55
461 * characters. See stretched_hash() for the details;
462 *
463 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
464 * @link https://api.drupal.org/api/drupal/includes%21password.inc/7.x
465 * @see PassHash::stretched_hash() for the implementation details.
466 *
467 * @param string $clear The clear text to hash
468 * @param string $salt The salt to use, null for random
469 * @param string $magic The hash identifier (S)
470 * @param int $compute The iteration count for new passwords (defautl is drupal 7's)
471 * @throws Exception
472 * @return string Hashed password
473 */
474 public function hash_drupal_sha512($clear, $salt = null, $magic = 'S', $compute = 15) {
475 return substr($this->stretched_hash('sha512', $clear, $salt, $magic, $compute), 0, 55);
476 }
477
478 /**
479 * Alias for hash_pmd5
480 *
481 * @param string $clear
482 * @param null|string $salt
483 * @param string $magic
484 * @param int $compute
485 *
486 * @return string
487 * @throws \Exception
488 */
489 public function hash_hmd5($clear, $salt = null, $magic = 'H', $compute = 8) {
490 return $this->hash_pmd5($clear, $salt, $magic, $compute);
491 }
492
493 /**
494 * Password hashing method 'djangosha1'
495 *
496 * Uses salted SHA1 hashs. Salt is 5 bytes long.
497 * This is used by the Django Python framework
498 *
499 * @link http://docs.djangoproject.com/en/dev/topics/auth/#passwords
500 *
501 * @param string $clear The clear text to hash
502 * @param string $salt The salt to use, null for random
503 * @return string Hashed password
504 */
505 public function hash_djangosha1($clear, $salt = null) {
506 $this->init_salt($salt, 5);
507 return 'sha1$'.$salt.'$'.sha1($salt.$clear);
508 }
509
510 /**
511 * Password hashing method 'djangomd5'
512 *
513 * Uses salted MD5 hashs. Salt is 5 bytes long.
514 * This is used by the Django Python framework
515 *
516 * @link http://docs.djangoproject.com/en/dev/topics/auth/#passwords
517 *
518 * @param string $clear The clear text to hash
519 * @param string $salt The salt to use, null for random
520 * @return string Hashed password
521 */
522 public function hash_djangomd5($clear, $salt = null) {
523 $this->init_salt($salt, 5);
524 return 'md5$'.$salt.'$'.md5($salt.$clear);
525 }
526
527 /**
528 * Password hashing method 'seafilepbkdf2'
529 *
530 * An algorithm and iteration count should be given in the opts array.
531 *
532 * Hash algorithm is the string that is in the password string in seafile
533 * database. It has to be converted to a php algo name.
534 *
535 * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
536 * @see https://stackoverflow.com/a/23670177
537 *
538 * @param string $clear The clear text to hash
539 * @param string $salt The salt to use, null for random
540 * @param array $opts ('algo' => hash algorithm, 'iter' => iterations)
541 * @return string Hashed password
542 * @throws Exception when PHP is missing support for the method/algo
543 */
544 public function hash_seafilepbkdf2($clear, $salt=null, $opts=[]) {
545 $this->init_salt($salt, 64);
546 if(empty($opts['algo'])) {
547 $prefixalgo='SHA256';
548 } else {
549 $prefixalgo=$opts['algo'];
550 }
551 $algo = strtolower($prefixalgo);
552 if(empty($opts['iter'])) {
553 $iter = 10000;
554 } else {
555 $iter = (int) $opts['iter'];
556 }
557 if(!function_exists('hash_pbkdf2')) {
558 throw new Exception('This PHP installation has no PBKDF2 support');
559 }
560 if(!in_array($algo, hash_algos())) {
561 throw new Exception("This PHP installation has no $algo support");
562 }
563
564 $hash = hash_pbkdf2($algo, $clear, hex2bin($salt), $iter, 0);
565 return "PBKDF2$prefixalgo\$$iter\$$salt\$$hash";
566 }
567
568 /**
569 * Password hashing method 'djangopbkdf2'
570 *
571 * An algorithm and iteration count should be given in the opts array.
572 * Defaults to sha256 and 24000 iterations
573 *
574 * @param string $clear The clear text to hash
575 * @param string $salt The salt to use, null for random
576 * @param array $opts ('algo' => hash algorithm, 'iter' => iterations)
577 * @return string Hashed password
578 * @throws \Exception when PHP is missing support for the method/algo
579 */
580 public function hash_djangopbkdf2($clear, $salt=null, $opts=[]) {
581 $this->init_salt($salt, 12);
582 if(empty($opts['algo'])) {
583 $algo = 'sha256';
584 } else {
585 $algo = $opts['algo'];
586 }
587 if(empty($opts['iter'])) {
588 $iter = 24000;
589 } else {
590 $iter = (int) $opts['iter'];
591 }
592 if(!function_exists('hash_pbkdf2')) {
593 throw new \Exception('This PHP installation has no PBKDF2 support');
594 }
595 if(!in_array($algo, hash_algos())) {
596 throw new \Exception("This PHP installation has no $algo support");
597 }
598
599 $hash = base64_encode(hash_pbkdf2($algo, $clear, $salt, $iter, 0, true));
600 return "pbkdf2_$algo\$$iter\$$salt\$$hash";
601 }
602
603 /**
604 * Alias for djangopbkdf2 defaulting to sha256 as hash algorithm
605 *
606 * @param string $clear The clear text to hash
607 * @param string $salt The salt to use, null for random
608 * @param array $opts ('iter' => iterations)
609 * @return string Hashed password
610 * @throws \Exception when PHP is missing support for the method/algo
611 */
612 public function hash_djangopbkdf2_sha256($clear, $salt=null, $opts=[]) {
613 $opts['algo'] = 'sha256';
614 return $this->hash_djangopbkdf2($clear, $salt, $opts);
615 }
616
617 /**
618 * Alias for djangopbkdf2 defaulting to sha1 as hash algorithm
619 *
620 * @param string $clear The clear text to hash
621 * @param string $salt The salt to use, null for random
622 * @param array $opts ('iter' => iterations)
623 * @return string Hashed password
624 * @throws \Exception when PHP is missing support for the method/algo
625 */
626 public function hash_djangopbkdf2_sha1($clear, $salt=null, $opts=[]) {
627 $opts['algo'] = 'sha1';
628 return $this->hash_djangopbkdf2($clear, $salt, $opts);
629 }
630
631 /**
632 * Passwordhashing method 'bcrypt'
633 *
634 * Uses a modified blowfish algorithm called eksblowfish
635 * This method works on PHP 5.3+ only and will throw an exception
636 * if the needed crypt support isn't available
637 *
638 * A full hash should be given as salt (starting with $a2$) or this
639 * will break. When no salt is given, the iteration count can be set
640 * through the $compute variable.
641 *
642 * @param string $clear The clear text to hash
643 * @param string $salt The salt to use, null for random
644 * @param int $compute The iteration count (between 4 and 31)
645 * @throws \Exception
646 * @return string Hashed password
647 */
648 public function hash_bcrypt($clear, $salt = null, $compute = 10) {
649 if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH !== 1) {
650 throw new \Exception('This PHP installation has no bcrypt support');
651 }
652
653 if(is_null($salt)) {
654 if($compute < 4 || $compute > 31) $compute = 8;
655 $salt = '$2y$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
656 $this->gen_salt(22);
657 }
658
659 return crypt($clear, $salt);
660 }
661
662 /**
663 * Password hashing method SHA-2
664 *
665 * This is only supported on PHP 5.3.2 or higher and will throw an exception if
666 * the needed crypt support is not available
667 *
668 * Uses:
669 * - SHA-2 with 256-bit output for prefix $5$
670 * - SHA-2 with 512-bit output for prefix $6$ (default)
671 *
672 * @param string $clear The clear text to hash
673 * @param string $salt The salt to use, null for random
674 * @param array $opts ('rounds' => rounds for sha256/sha512, 'prefix' => selected method from SHA-2 family)
675 * @return string Hashed password
676 * @throws \Exception
677 */
678 public function hash_sha2($clear, $salt = null, $opts = []) {
679 if(empty($opts['prefix'])) {
680 $prefix = '6';
681 } else {
682 $prefix = $opts['prefix'];
683 }
684 if(empty($opts['rounds'])) {
685 $rounds = null;
686 } else {
687 $rounds = $opts['rounds'];
688 }
689 if($prefix == '5' && (!defined('CRYPT_SHA256') || CRYPT_SHA256 !== 1)) {
690 throw new \Exception('This PHP installation has no SHA256 support');
691 }
692 if($prefix == '6' && (!defined('CRYPT_SHA512') || CRYPT_SHA512 !== 1)) {
693 throw new \Exception('This PHP installation has no SHA512 support');
694 }
695 $this->init_salt($salt, 8, false);
696 if(empty($rounds)) {
697 return crypt($clear, '$'.$prefix.'$'.$salt.'$');
698 }else{
699 return crypt($clear, '$'.$prefix.'$'.$rounds.'$'.$salt.'$');
700 }
701 }
702
703 /** @see sha2 */
704 public function hash_sha512($clear, $salt = null, $opts=[]) {
705 $opts['prefix'] = 6;
706 return $this->hash_sha2($clear, $salt, $opts);
707 }
708
709 /** @see sha2 */
710 public function hash_sha256($clear, $salt = null, $opts=[]) {
711 $opts['prefix'] = 5;
712 return $this->hash_sha2($clear, $salt, $opts);
713 }
714
715 /**
716 * Password hashing method 'mediawiki'
717 *
718 * Uses salted MD5, this is referred to as Method B in MediaWiki docs. Unsalted md5
719 * method 'A' is not supported.
720 *
721 * @link http://www.mediawiki.org/wiki/Manual_talk:User_table#user_password_column
722 *
723 * @param string $clear The clear text to hash
724 * @param string $salt The salt to use, null for random
725 * @return string Hashed password
726 */
727 public function hash_mediawiki($clear, $salt = null) {
728 $this->init_salt($salt, 8, false);
729 return ':B:'.$salt.':'.md5($salt.'-'.md5($clear));
730 }
731
732
733 /**
734 * Password hashing method 'argon2i'
735 *
736 * Uses php's own password_hash function to create argon2i password hash
737 * Default Cost and thread options are used for now.
738 *
739 * @link https://www.php.net/manual/de/function.password-hash.php
740 *
741 * @param string $clear The clear text to hash
742 * @return string Hashed password
743 */
744 public function hash_argon2i($clear) {
745 if(!defined('PASSWORD_ARGON2I')) {
746 throw new \Exception('This PHP installation has no ARGON2I support');
747 }
748 return password_hash($clear, PASSWORD_ARGON2I);
749 }
750
751 /**
752 * Password hashing method 'argon2id'
753 *
754 * Uses php's own password_hash function to create argon2id password hash
755 * Default Cost and thread options are used for now.
756 *
757 * @link https://www.php.net/manual/de/function.password-hash.php
758 *
759 * @param string $clear The clear text to hash
760 * @return string Hashed password
761 */
762 public function hash_argon2id($clear) {
763 if(!defined('PASSWORD_ARGON2ID')) {
764 throw new \Exception('This PHP installation has no ARGON2ID support');
765 }
766 return password_hash($clear, PASSWORD_ARGON2ID);
767 }
768
769 /**
770 * Wraps around native hash_hmac() or reimplents it
771 *
772 * This is not directly used as password hashing method, and thus isn't callable via the
773 * verify_hash() method. It should be used to create signatures and might be used in other
774 * password hashing methods.
775 *
776 * @see hash_hmac()
777 * @author KC Cloyd
778 * @link http://php.net/manual/en/function.hash-hmac.php#93440
779 *
780 * @param string $algo Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4",
781 * etc..) See hash_algos() for a list of supported algorithms.
782 * @param string $data Message to be hashed.
783 * @param string $key Shared secret key used for generating the HMAC variant of the message digest.
784 * @param bool $raw_output When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
785 * @return string
786 */
787 public static function hmac($algo, $data, $key, $raw_output = false) {
788 // use native function if available and not in unit test
789 if(function_exists('hash_hmac') && !defined('SIMPLE_TEST')){
790 return hash_hmac($algo, $data, $key, $raw_output);
791 }
792
793 $algo = strtolower($algo);
794 $pack = 'H' . strlen($algo('test'));
795 $size = 64;
796 $opad = str_repeat(chr(0x5C), $size);
797 $ipad = str_repeat(chr(0x36), $size);
798
799 if(strlen($key) > $size) {
800 $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
801 } else {
802 $key = str_pad($key, $size, chr(0x00));
803 }
804
805 for($i = 0; $i < strlen($key) - 1; $i++) {
806 $ochar = $opad[$i] ^ $key[$i];
807 $ichar = $ipad[$i] ^ $key[$i];
808 $opad[$i] = $ochar;
809 $ipad[$i] = $ichar;
810 }
811
812 $output = $algo($opad . pack($pack, $algo($ipad . $data)));
813
814 return ($raw_output) ? pack($pack, $output) : $output;
815 }
816
817 /**
818 * Use a secure random generator
819 *
820 * @param int $min
821 * @param int $max
822 * @return int
823 */
824 protected function random($min, $max){
825 try {
826 return random_int($min, $max);
827 } catch (\Exception $e) {
828 // availability of random source is checked elsewhere in DokuWiki
829 // we demote this to an unchecked runtime exception here
830 throw new \RuntimeException($e->getMessage(), $e->getCode(), $e);
831 }
832 }
833 }