* This file is part of Pydio. * * Pydio is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * Pydio is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with Pydio. If not, see . * * The latest code can be found at . */ namespace Pydio\Core\Utils\Vars; use Pydio\Core\Exception\PydioException; use Pydio\Core\Utils\Crypto; defined('AJXP_EXEC') or die('Access not allowed'); // THESE ARE DEFINED IN bootstrap_context.php // REPEAT HERE FOR BACKWARD COMPATIBILITY. if (!defined('PBKDF2_HASH_ALGORITHM')) { define("PBKDF2_HASH_ALGORITHM", "sha256"); define("PBKDF2_ITERATIONS", 1000); define("PBKDF2_SALT_BYTE_SIZE", 24); define("PBKDF2_HASH_BYTE_SIZE", 24); define("HASH_SECTIONS", 4); define("HASH_ALGORITHM_INDEX", 0); define("HASH_ITERATION_INDEX", 1); define("HASH_SALT_INDEX", 2); define("HASH_PBKDF2_INDEX", 3); define("USE_OPENSSL_RANDOM", false); } /** * Class PasswordEncoder * @package Pydio\Core\Utils */ class PasswordEncoder { /** * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt * $algorithm - The hash algorithm to use. Recommended: SHA256 * $password - The password. * $salt - A salt that is unique to the password. * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000. * $key_length - The length of the derived key in bytes. * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise. * Returns: A $key_length-byte key derived from the password and salt. * * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt * * This implementation of PBKDF2 was originally created by https://defuse.ca * With improvements by http://www.variations-of-shadow.com * @param $algorithm * @param $password * @param $salt * @param $count * @param $key_length * @param bool $raw_output * @return string * @throws PydioException */ public static function pbkdf2_apply($algorithm, $password, $salt, $count, $key_length, $raw_output = false) { $algorithm = strtolower($algorithm); if (!in_array($algorithm, hash_algos(), true)) throw new PydioException('PBKDF2 ERROR: Invalid hash algorithm.'); if ($count <= 0 || $key_length <= 0) throw new PydioException('PBKDF2 ERROR: Invalid parameters.'); $hash_length = strlen(hash($algorithm, "", true)); $block_count = ceil($key_length / $hash_length); $output = ""; for ($i = 1; $i <= $block_count; $i++) { // $i encoded as 4 bytes, big endian. $last = $salt . pack("N", $i); // first iteration $last = $xorsum = hash_hmac($algorithm, $last, $password, true); // perform the other $count - 1 iterations for ($j = 1; $j < $count; $j++) { $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true)); } $output .= $xorsum; } if ($raw_output) return substr($output, 0, $key_length); else return bin2hex(substr($output, 0, $key_length)); } /** * Compares two strings $a and $b in length-constant time. * @param $a * @param $b * @return bool */ public static function pbkdf2_slow_equals($a, $b) { $diff = strlen($a) ^ strlen($b); for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) { $diff |= ord($a[$i]) ^ ord($b[$i]); } return $diff === 0; } /** * @param $password * @param $correct_hash * @return bool * @throws PydioException */ public static function pbkdf2_validate_password($password, $correct_hash) { $params = explode(":", $correct_hash); if (count($params) < HASH_SECTIONS) { if (strlen($correct_hash) == 32 && count($params) == 1) { return md5($password) == $correct_hash; } return false; } $pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]); return self::pbkdf2_slow_equals( $pbkdf2, self::pbkdf2_apply( $params[HASH_ALGORITHM_INDEX], $password, $params[HASH_SALT_INDEX], (int)$params[HASH_ITERATION_INDEX], strlen($pbkdf2), true ) ); } /** * @param $password * @return string * @throws PydioException */ public static function pbkdf2_create_hash($password) { // format: algorithm:iterations:salt:hash $salt = Crypto::getRandomSalt(); return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" . base64_encode(self::pbkdf2_apply( PBKDF2_HASH_ALGORITHM, $password, $salt, PBKDF2_ITERATIONS, PBKDF2_HASH_BYTE_SIZE, true )); } }