Loading...
Helix SwarmHelix Swarm
Loading...

Bcrypt.php

  • //
  • guest/
  • thomas_gray/
  • jambox/
  • main/
  • swarm/
  • library/
  • Zend/
  • Crypt/
  • Password/
  • Bcrypt.php #1
  • View
  • Commits
  • Open Download .zip Download (6 KB) 
  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Crypt\Password;
  11.  
  12. use Traversable;
  13. use Zend\Math\Rand;
  14. use Zend\Stdlib\ArrayUtils;
  15.  
  16. /**
  17.  * Bcrypt algorithm using crypt() function of PHP
  18.  */
  19. class Bcrypt implements PasswordInterface
  20. {
  21.     const MIN_SALT_SIZE = 16;
  22.  
  23.     /**
  24.      * @var string
  25.      */
  26.     protected $cost = '14';
  27.  
  28.     /**
  29.      * @var string
  30.      */
  31.     protected $salt;
  32.  
  33.     /**
  34.      * @var bool
  35.      */
  36.     protected $backwardCompatibility = false;
  37.  
  38.     /**
  39.      * Constructor
  40.      *
  41.      * @param array|Traversable $options
  42.      * @throws Exception\InvalidArgumentException
  43.      */
  44.     public function __construct($options = array())
  45.     {
  46.         if (!empty($options)) {
  47.             if ($options instanceof Traversable) {
  48.                 $options = ArrayUtils::iteratorToArray($options);
  49.             } elseif (!is_array($options)) {
  50.                 throw new Exception\InvalidArgumentException(
  51.                     'The options parameter must be an array or a Traversable'
  52.                 );
  53.             }
  54.             foreach ($options as $key => $value) {
  55.                 switch (strtolower($key)) {
  56.                     case 'salt':
  57.                         $this->setSalt($value);
  58.                         break;
  59.                     case 'cost':
  60.                         $this->setCost($value);
  61.                         break;
  62.                 }
  63.             }
  64.         }
  65.     }
  66.  
  67.     /**
  68.      * Bcrypt
  69.      *
  70.      * @param  string $password
  71.      * @throws Exception\RuntimeException
  72.      * @return string
  73.      */
  74.     public function create($password)
  75.     {
  76.         if (empty($this->salt)) {
  77.             $salt = Rand::getBytes(self::MIN_SALT_SIZE);
  78.         } else {
  79.             $salt = $this->salt;
  80.         }
  81.         $salt64 = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);
  82.         /**
  83.          * Check for security flaw in the bcrypt implementation used by crypt()
  84.          * @see http://php.net/security/crypt_blowfish.php
  85.          */
  86.         if ((version_compare(PHP_VERSION, '5.3.7') >= 0) && !$this->backwardCompatibility) {
  87.             $prefix = '$2y$';
  88.         } else {
  89.             $prefix = '$2a$';
  90.             // check if the password contains 8-bit character
  91.             if (preg_match('/[\x80-\xFF]/', $password)) {
  92.                 throw new Exception\RuntimeException(
  93.                     'The bcrypt implementation used by PHP can contain a security flaw ' .
  94.                     'using password with 8-bit character. ' .
  95.                     'We suggest to upgrade to PHP 5.3.7+ or use passwords with only 7-bit characters'
  96.                 );
  97.             }
  98.         }
  99.         $hash = crypt($password, $prefix . $this->cost . '$' . $salt64);
  100.         if (strlen($hash) < 13) {
  101.             throw new Exception\RuntimeException('Error during the bcrypt generation');
  102.         }
  103.         return $hash;
  104.     }
  105.  
  106.     /**
  107.      * Verify if a password is correct against an hash value
  108.      *
  109.      * @param  string $password
  110.      * @param  string $hash
  111.      * @throws Exception\RuntimeException when the hash is unable to be processed
  112.      * @return bool
  113.      */
  114.     public function verify($password, $hash)
  115.     {
  116.         $result = crypt($password, $hash);
  117.         if ($result === $hash) {
  118.             return true;
  119.         }
  120.         if (strlen($result) <= 13) {
  121.             /* This should only happen if the algorithm that generated hash is
  122.              * either unsupported by this version of crypt(), or is invalid.
  123.              *
  124.              * An example of when this can happen, is if you generate
  125.              * non-backwards-compatible hashes on 5.3.7+, and then try to verify
  126.              * them on < 5.3.7.
  127.              *
  128.              * This is needed, because version comparisons are not possible due
  129.              * to back-ported functionality by some distributions.
  130.              */
  131.             throw new Exception\RuntimeException(
  132.                 'The supplied password hash could not be verified. Please check ' .
  133.                 'backwards compatibility settings.'
  134.             );
  135.         }
  136.         return false;
  137.     }
  138.  
  139.     /**
  140.      * Set the cost parameter
  141.      *
  142.      * @param  int|string $cost
  143.      * @throws Exception\InvalidArgumentException
  144.      * @return Bcrypt
  145.      */
  146.     public function setCost($cost)
  147.     {
  148.         if (!empty($cost)) {
  149.             $cost = (int) $cost;
  150.             if ($cost < 4 || $cost > 31) {
  151.                 throw new Exception\InvalidArgumentException(
  152.                     'The cost parameter of bcrypt must be in range 04-31'
  153.                 );
  154.             }
  155.             $this->cost = sprintf('%1$02d', $cost);
  156.         }
  157.         return $this;
  158.     }
  159.  
  160.     /**
  161.      * Get the cost parameter
  162.      *
  163.      * @return string
  164.      */
  165.     public function getCost()
  166.     {
  167.         return $this->cost;
  168.     }
  169.  
  170.     /**
  171.      * Set the salt value
  172.      *
  173.      * @param  string $salt
  174.      * @throws Exception\InvalidArgumentException
  175.      * @return Bcrypt
  176.      */
  177.     public function setSalt($salt)
  178.     {
  179.         if (strlen($salt) < self::MIN_SALT_SIZE) {
  180.             throw new Exception\InvalidArgumentException(
  181.                 'The length of the salt must be at least ' . self::MIN_SALT_SIZE . ' bytes'
  182.             );
  183.         }
  184.         $this->salt = $salt;
  185.         return $this;
  186.     }
  187.  
  188.     /**
  189.      * Get the salt value
  190.      *
  191.      * @return string
  192.      */
  193.     public function getSalt()
  194.     {
  195.         return $this->salt;
  196.     }
  197.  
  198.     /**
  199.      * Set the backward compatibility $2a$ instead of $2y$ for PHP 5.3.7+
  200.      *
  201.      * @param bool $value
  202.      * @return Bcrypt
  203.      */
  204.     public function setBackwardCompatibility($value)
  205.     {
  206.         $this->backwardCompatibility = (bool) $value;
  207.         return $this;
  208.     }
  209.  
  210.     /**
  211.      * Get the backward compatibility
  212.      *
  213.      * @return bool
  214.      */
  215.     public function getBackwardCompatibility()
  216.     {
  217.         return $this->backwardCompatibility;
  218.     }
  219. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago