search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added the zend framework 2 library, the path is specified in line no.26 in zend_modul...
[openemr.git] / interface / modules / zend_modules / library / Zend / Crypt / Password / Bcrypt.php
blob8dfa3cb262ea06f4c010d7e12d1f66ad94a1e799
1 <?php
2 /**
3 * Zend Framework (http://framework.zend.com/)
4 *
5 * @link http://github.com/zendframework/zf2 for the canonical source repository
6 * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
7 * @license http://framework.zend.com/license/new-bsd New BSD License
8 */
9
10 namespace Zend\Crypt\Password;
11
12 use Traversable;
13 use Zend\Math\Rand;
14 use Zend\Stdlib\ArrayUtils;
15
16 /**
17 * Bcrypt algorithm using crypt() function of PHP
18 */
19 class Bcrypt implements PasswordInterface
20 {
21 const MIN_SALT_SIZE = 16;
22
23 /**
24 * @var string
25 */
26 protected $cost = '14';
27
28 /**
29 * @var string
30 */
31 protected $salt;
32
33 /**
34 * @var bool
35 */
36 protected $backwardCompatibility = false;
37
38 /**
39 * Constructor
40 *
41 * @param array|Traversable $options
42 * @throws Exception\InvalidArgumentException
43 */
44 public function __construct($options = array())
45 {
46 if (!empty($options)) {
47 if ($options instanceof Traversable) {
48 $options = ArrayUtils::iteratorToArray($options);
49 } elseif (!is_array($options)) {
50 throw new Exception\InvalidArgumentException(
51 'The options parameter must be an array or a Traversable'
52 );
53 }
54 foreach ($options as $key => $value) {
55 switch (strtolower($key)) {
56 case 'salt':
57 $this->setSalt($value);
58 break;
59 case 'cost':
60 $this->setCost($value);
61 break;
62 }
63 }
64 }
65 }
66
67 /**
68 * Bcrypt
69 *
70 * @param string $password
71 * @throws Exception\RuntimeException
72 * @return string
73 */
74 public function create($password)
75 {
76 if (empty($this->salt)) {
77 $salt = Rand::getBytes(self::MIN_SALT_SIZE);
78 } else {
79 $salt = $this->salt;
80 }
81 $salt64 = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);
82 /**
83 * Check for security flaw in the bcrypt implementation used by crypt()
84 * @see http://php.net/security/crypt_blowfish.php
85 */
86 if ((version_compare(PHP_VERSION, '5.3.7') >= 0) && !$this->backwardCompatibility) {
87 $prefix = '$2y$';
88 } else {
89 $prefix = '$2a$';
90 // check if the password contains 8-bit character
91 if (preg_match('/[\x80-\xFF]/', $password)) {
92 throw new Exception\RuntimeException(
93 'The bcrypt implementation used by PHP can contain a security flaw ' .
94 'using password with 8-bit character. ' .
95 'We suggest to upgrade to PHP 5.3.7+ or use passwords with only 7-bit characters'
96 );
97 }
98 }
99 $hash = crypt($password, $prefix . $this->cost . '$' . $salt64);
100 if (strlen($hash) < 13) {
101 throw new Exception\RuntimeException('Error during the bcrypt generation');
102 }
103 return $hash;
104 }
105
106 /**
107 * Verify if a password is correct against an hash value
108 *
109 * @param string $password
110 * @param string $hash
111 * @throws Exception\RuntimeException when the hash is unable to be processed
112 * @return bool
113 */
114 public function verify($password, $hash)
115 {
116 $result = crypt($password, $hash);
117 if ($result === $hash) {
118 return true;
119 }
120 if (strlen($result) <= 13) {
121 /* This should only happen if the algorithm that generated hash is
122 * either unsupported by this version of crypt(), or is invalid.
123 *
124 * An example of when this can happen, is if you generate
125 * non-backwards-compatible hashes on 5.3.7+, and then try to verify
126 * them on < 5.3.7.
127 *
128 * This is needed, because version comparisons are not possible due
129 * to back-ported functionality by some distributions.
130 */
131 throw new Exception\RuntimeException(
132 'The supplied password hash could not be verified. Please check ' .
133 'backwards compatibility settings.'
134 );
135 }
136 return false;
137 }
138
139 /**
140 * Set the cost parameter
141 *
142 * @param int|string $cost
143 * @throws Exception\InvalidArgumentException
144 * @return Bcrypt
145 */
146 public function setCost($cost)
147 {
148 if (!empty($cost)) {
149 $cost = (int) $cost;
150 if ($cost < 4 || $cost > 31) {
151 throw new Exception\InvalidArgumentException(
152 'The cost parameter of bcrypt must be in range 04-31'
153 );
154 }
155 $this->cost = sprintf('%1$02d', $cost);
156 }
157 return $this;
158 }
159
160 /**
161 * Get the cost parameter
162 *
163 * @return string
164 */
165 public function getCost()
166 {
167 return $this->cost;
168 }
169
170 /**
171 * Set the salt value
172 *
173 * @param string $salt
174 * @throws Exception\InvalidArgumentException
175 * @return Bcrypt
176 */
177 public function setSalt($salt)
178 {
179 if (strlen($salt) < self::MIN_SALT_SIZE) {
180 throw new Exception\InvalidArgumentException(
181 'The length of the salt must be at least ' . self::MIN_SALT_SIZE . ' bytes'
182 );
183 }
184 $this->salt = $salt;
185 return $this;
186 }
187
188 /**
189 * Get the salt value
190 *
191 * @return string
192 */
193 public function getSalt()
194 {
195 return $this->salt;
196 }
197
198 /**
199 * Set the backward compatibility $2a$ instead of $2y$ for PHP 5.3.7+
200 *
201 * @param bool $value
202 * @return Bcrypt
203 */
204 public function setBackwardCompatibility($value)
205 {
206 $this->backwardCompatibility = (bool) $value;
207 return $this;
208 }
209
210 /**
211 * Get the backward compatibility
212 *
213 * @return bool
214 */
215 public function getBackwardCompatibility()
216 {
217 return $this->backwardCompatibility;
218 }
219 }
Mirror of official OpenEMR Sourceforge repository