<?php
error_reporting(E_ALL | E_STRICT);
+// Load scrypt
+require 'lib/functions.php';
+require 'lib/scrypt.php';
+
define('START_TIME' , microtime(true));
define('CHECK_POINT' , 'chash.pos');
$GLOBALS['block_size'] = 100;
$GLOBALS['none_increment'] = (1 / pow(10, 20));
-// Hashing algorythm
-$GLOBALS['hash_algo'] = MHASH_SHA256;
-
// Automatic saving interval in seconds
$GLOBALS['flush_file_time'] = 30;
$GLOBALS['restart_search_time'] = 1800;
// Hashes per call
-$GLOBALS['hash_cycles'] = 5;
+$GLOBALS['hash_cycles'] = 2;
// Total restarts
$GLOBALS['total_restarts'] = 0;
+// Initial salt (may be overwritten by loading checkpoint file)
+$GLOBALS['salt'] = Scrypt::generateSalt();
+
+// Starting difficulty
+$GLOBALS['difficulty'] = 2;
+
// Found hashes
$GLOBALS['found_hashes'] = array(0 => array());
* @license See LICENSE (public-domain)
*/
-/**
- * Calculates a simple but stronger hash from given string. No salts are being
- * added here.
- *
- * @param $str The string to be hashed
- * @return $hash The hash from string $str
- */
-function hashString ($str) {
- // Calculate strong hash from given string
- $hash = mhash($GLOBALS['hash_algo'], $str);
-
- // Return it hexadecimal-encoded
- return bin2hex($hash);
-}
-
-/**
- * Multiple-hashes given string. This is done by hashing the given string and
- * then hashing the generated hash again.
- *
- * @param $str The string to be hashed 4 times
- * @return $hash The generated hash
- */
-function multipleHashString ($str) {
- // Generate hash from given hash
- $hash = hashString($str);
-
- // Now over-hash it
- for ($idx = 0; $idx < ($GLOBALS['hash_cycles'] - 1); $idx++) {
- // Over-hash the given hash
- $hash = hashString($hash);
- } // END - for
-
- // Return it
- return $hash;
-}
-
-/**
- * Calculates a "modula-hash" based given two hashes.
- *
- * @param $hash1 Hash 1
- * @param $hash2 Hash 2
- */
-function modulaHash ($hash1, $hash2) {
- // Both must have same length
- assert(strlen($hash1) === strlen($hash2));
-
- // Init propability array with 256 zeros
- $propability = array_fill(0, 256, 0);
-
- // Init new hash
- $modulaHash = '';
-
- // "Walk" trough first hash and get every 2 byte of both hashes
- for ($idx = 0; $idx < strlen($hash1); $idx += 2) {
- // Init modula value
- $mod = 0;
-
- // Get both hash parts and convert to ASCII number
- $part1 = hexdec(substr($hash1, $idx, 2));
- $part2 = hexdec(substr($hash2, $idx, 2));
-
- // Debug message
- //* NOISY-DEBUG: */ print 'part1=' . $part1 . ',part2=' . $part2 . PHP_EOL;
-
- /*
- * If part1 is larget part2, part1 is divident and vise-versa. But don't do it
- * if one is zero
- */
- if (($part1 > $part2) && ($part2 > 0)) {
- // 'part1' is larger than 'part2'
- $mod = $part1 % $part2;
- } elseif (($part2 > $part1) && ($part1 > 0)) {
- // 'part2' is larger than 'part1'
- $mod = $part2 % $part1;
- }
-
- // $mod is now mostly a small number so try to "improve" it
- //* NOISY-DEBUG: */ print 'mod[' . gettype($mod) . ']=' . $mod . ' - BEFORE!' . PHP_EOL;
- $mod = (int) round(sqrt($mod * ($part1 + $part2 + $mod ^ 7) / 3));
- //* NOISY-DEBUG: */ print 'mod[' . gettype($mod) . ']=' . $mod . ' - AFTER!' . PHP_EOL;
-
- // Make sure it is valid
- assert($mod >= 0);
- assert($mod <= 255);
-
- // "Invert" the result against 255 as zeros are not good for later calculations
- $mod = 255 - $mod;
-
- // Add it to propability array for debugging
- $propability[$mod]++;
-
- // Encode to hex, pre-pad it with zeros and add to new hash
- $modulaHash .= padHex($mod);
- } // END - for
-
- // Debug propability array
- $cnt = 0;
- foreach ($propability as $value) {
- // Is the value larger than one, means the number has been found at least once?
- if ($value > 0) {
- // Then count it
- $cnt++;
- } // END - if
- } // END - foreach
-
- // Debug message
- //* NOISY-DEBUG: */ print('cnt=' . $cnt . '/' . strlen($hash1) / 2 . PHP_EOL);
-
- // Modula hash must have same length as input hash
- assert(strlen($modulaHash) === strlen($hash1));
-
- // Return modula hash
- return $modulaHash;
-}
-
-/**
- * Calculates a "sqrt-hash" based given two hashes and single-hash it
- *
- * @param $hash1 Hash 1
- * @param $hash2 Hash 2
- */
-function sqrtHash ($hash1, $hash2) {
- // Both must have same length
- assert(strlen($hash1) === strlen($hash2));
-
- // Init new hash
- $sqrtHash = '';
-
- // "Walk" trough first hash and get every 2 byte of both hashes
- for ($idx = 0; $idx < strlen($hash1); $idx += 2) {
- // Init modula value
- $mod = 0;
-
- // Get both hash parts and convert to ASCII number
- $part1 = hexdec(substr($hash1, $idx, 2));
- $part2 = hexdec(substr($hash2, $idx, 2));
-
- // Calculate square root of both parts being multiplied and round up, then "invert" it against 255
- $sqrt = intval(255 - ceil(sqrt($part1 * $part2)));
-
- // Encode to hex, pre-pad it with zeros and add to new hash
- $sqrtHash .= padHex($sqrt);
- } // END - for
-
- // "sqrt-hash" must have same length as input hash
- assert(strlen($sqrtHash) === strlen($hash1));
-
- // Hash reversed "sqrt-hash" again and return it
- return hashString(strrev($sqrtHash));
-}
-
-/**
- * Converts a number between 0 and 255 into a zero-padded hexadecimal string
- *
- * @param $num Number between 0 and 255
- * @return $hex Hexadecimal string, padded with zeros
- */
-function padHex ($num) {
- // Must be a integer number and between 0 and 255
- assert(is_int($num));
- assert($num >= 0);
- assert($num <= 255);
-
- // Convert it
- $hex = str_pad(dechex($num), 2, '0', STR_PAD_LEFT);
-
- // ... and return it
- return $hex;
-}
-
-/**
- * Calculates sum from given hash
- *
- * @param $hash Hash to calculate sum from
- * @return $sum Sum from given hash
- */
-function calculateSumFromHash ($hash) {
- // Everything starts with zero ...
- $sum = 0;
-
- // Loop through hash
- for ($idx = 0; $idx < (strlen($hash) / 2); $idx++) {
- // And add it
- $sum = $sum + hexdec(substr($hash, $idx, 2));
- } // END - for
-
- // And return it
- return $sum;
-}
-
-/**
- * Calculates new nonce
- *
- * @return void
- */
-function calculateNonce () {
- // Linear incrementation
- $GLOBALS['nonce'] += $GLOBALS['none_increment'];
-}
-
-/**
- * Writes/flushes check-point file
- *
- * @param $hash Modula hash (or hash to save)
- * @return void
- */
-function flushCheckPointFile ($hash) {
- // Display message
- print ('FLUSHING: Writing ' . count($GLOBALS['found_hashes']) . ' blocks ...' . PHP_EOL);
-
- // Start timer
- $timer = microtime(true);
-
- // Flush data
- file_put_contents(
- CHECK_POINT,
- $GLOBALS['total_blocks'] . ':' .
- $GLOBALS['total_reward'] . ':' .
- $GLOBALS['total_hashes'] . ':' .
- $GLOBALS['total_found'] . ':' .
- $GLOBALS['total_restarts'] . ':' .
- $GLOBALS['hash_cycles'] . ':' .
- base64_encode((float) $GLOBALS['nonce']) . ':' .
- $hash . ':' .
- $GLOBALS['root_hash'] . ':' .
- base64_encode(gzcompress(json_encode($GLOBALS['found_hashes'])))
- );
-
- // Set time
- $GLOBALS['time_flush'] = microtime(true);
- print ('FLUSHING: Took ' . ($GLOBALS['time_flush'] - $timer) . ' seconds.' . PHP_EOL);
-}
-
-/**
- * Adds a found hash and flushes the checkpoint file
- *
- * @param $hash Hash to save
- */
-function addFoundHash ($hash) {
- // Increment counter
- $GLOBALS['total_found']++;
-
- // Add hash to array
- array_push($GLOBALS['found_hashes'][$GLOBALS['total_blocks']], array(
- 'modula_hash' => $GLOBALS['modula_hash'],
- 'genesis_hash' => $GLOBALS['genesis_hash'],
- 'root_hash' => $GLOBALS['root_hash'],
- 'nonce' => (float) $GLOBALS['nonce'],
- 'iter' => $GLOBALS['iteration'],
- 'hashes_block' => $GLOBALS['hashes_block'],
- 'hash_cycles' => $GLOBALS['hash_cycles'],
- 'nonce_hash' => $hash
- ));
-
- // Found hash:
- print ('FOUND: hash=' . $hash . ',nonce=' . $GLOBALS['nonce'] . ',total_found=' . $GLOBALS['total_found'] . PHP_EOL);
-
- // Set time as a new hash was found
- $GLOBALS['found_time'] = microtime(true);
-
- // Flush check-point file after new hash is found
- flushCheckPointFile($hash);
-
- // Use nonceHash as next modula hash
- setModulaHash($hash);
-}
-
-/**
- * Initializes nonce
- *
- * @return void
- */
-function initNonce () {
- $GLOBALS['nonce'] = 1 / (mt_rand() ^ pi());
- print (__FUNCTION__ . ': nonce=' . $GLOBALS['nonce'] . PHP_EOL);
-}
-
-/**
- * Sets modula hash and calculates sum of it
- *
- * @param $hash Hash to set as "modula hash"
- * @return void
- */
-function setModulaHash ($hash) {
- $GLOBALS['modula_hash'] = $hash;
- $GLOBALS['sum_modula'] = calculateSumFromHash($GLOBALS['modula_hash']);
+// Is the check point there?
+if (is_readable(CHECK_POINT)) {
+ // Load it
+ loadCheckpointFile();
+} else {
+ // Create nonce (very small)
+ initNonce();
}
/*
multipleHashString('Your code is shit. Your argument is shit.'),
);
-// Calculate "modula hash" from 1st/4th and 2nd/3rd
-$modulaHashes = array(
- // "Block" 0
- modulaHash($gensisHashes[0], $gensisHashes[3]),
- modulaHash($gensisHashes[1], $gensisHashes[2]),
-
- // "Block" 1
- modulaHash($gensisHashes[4], $gensisHashes[7]),
- modulaHash($gensisHashes[5], $gensisHashes[6]),
+// Calculate first "block"
+$genesisBlock = array(
+ hashString($gensisHashes[0] . $gensisHashes[3]),
+ hashString($gensisHashes[1] . $gensisHashes[2]),
+ hashString($gensisHashes[4] . $gensisHashes[7]),
+ hashString($gensisHashes[5] . $gensisHashes[6]),
);
-// Calculate "sqrt hash"
-$sqrtHashes = array(
- sqrtHash($modulaHashes[0], $modulaHashes[1]),
- sqrtHash($modulaHashes[2], $modulaHashes[3])
+// Calulcate final "genesis" hash
+$genesisHash = hashString(
+ $genesisBlock[0] .
+ $genesisBlock[2] .
+ $genesisBlock[1] .
+ $genesisBlock[3]
);
-// Calulcate modula hash
-setModulaHash(multipleHashString(modulaHash($sqrtHashes[0], $sqrtHashes[1])));
+// Get all elements to get the last part out
+$elements = explode('$', $genesisHash);
// This is also the "genesis" hash and first root hash
-$GLOBALS['genesis_hash'] = $GLOBALS['modula_hash'];
-$GLOBALS['root_hash'] = $GLOBALS['modula_hash'];
+$GLOBALS['current_hash'] = $genesisHash;
+$GLOBALS['root_hash'] = $genesisHash;
+$GLOBALS['sum_genesis'] = sumHash($elements[4]);
// Output results
print ('hashes=' . print_r($gensisHashes, true));
-print ('modulaHashes=' . print_r($modulaHashes, true));
-print ('sqrtHashes=' . print_r($sqrtHashes, true));
-print ('modulaHash=' . $GLOBALS['modula_hash'] . PHP_EOL);
// Total reward + hashes
$GLOBALS['total_reward'] = 0;
$GLOBALS['total_blocks'] = 0;
$GLOBALS['found_time'] = microtime(true);
-// Is the check point there?
-if (is_readable(CHECK_POINT)) {
- // Then load it
- $checkPoint = file_get_contents(CHECK_POINT);
-
- // Explode it
- $data = explode(':', $checkPoint);
-
- // Assert on count
- assert(count($data) == 10);
-
- // 1st element is nonce, 2nd hash, 3rd found hashes
- $GLOBALS['total_blocks'] = $data[0];
- $GLOBALS['total_reward'] = $data[1];
- $GLOBALS['total_hashes'] = $data[2];
- $GLOBALS['total_found'] = $data[3];
- $GLOBALS['total_restarts'] = $data[4];
- $GLOBALS['hash_cycles'] = intval($data[5]);
- $GLOBALS['nonce'] = (float) base64_decode($data[6]);
- $GLOBALS['root_hash'] = $data[8];
- $GLOBALS['found_hashes'] = json_decode(gzuncompress(base64_decode($data[9])));
-
- // Set modula hash
- setModulaHash($data[7]);
-} else {
- // Create nonce (small)
- initNonce();
-}
-
// Output again
-print ('modulaHash=' . $GLOBALS['modula_hash'] . PHP_EOL);
print ('nonce=' . $GLOBALS['nonce'] . PHP_EOL);
print ('found=' . count($GLOBALS['found_hashes'][$GLOBALS['total_blocks']]) . PHP_EOL);
+print ('salt=' . $GLOBALS['salt'] . PHP_EOL);
+print ('difficulty=' . $GLOBALS['difficulty'] . PHP_EOL);
// Start "mining"
while (true) {
while (count($GLOBALS['found_hashes'][$GLOBALS['total_blocks']]) <= $GLOBALS['block_size']) {
// Create hash from modulaHash ("genesis hash") and nonce
- $nonceHash = multipleHashString($GLOBALS['nonce'] . $GLOBALS['modula_hash']);
+ $nonceHash = multipleHashString($GLOBALS['nonce'] . $GLOBALS['current_hash']);
// Calculate sums
$sumNonce = calculateSumFromHash($nonceHash);
// Now start the "mining" ...
$timeHash = microtime(true);
- while ($sumNonce < $GLOBALS['sum_modula']) {
+ while ($sumNonce < $GLOBALS['sum_genesis']) {
// Calculate new nonce
calculateNonce();
// And hash again
- $nonceHash = multipleHashString($GLOBALS['nonce'] . $GLOBALS['modula_hash']);
+ $nonceHash = multipleHashString($GLOBALS['nonce'] . $GLOBALS['current_hash']);
// Calculate sums
$sumNonce = calculateSumFromHash($nonceHash);
// Only every second
if ($testTime >= 1) {
// Display hash rate
- print ('hashrate=' . round($hashrate) . ' hashes/sec,iterSecond=' . $GLOBALS['iteration_second'] . ' iterations/sec' . PHP_EOL);
+ print ('hashrate=' . round($hashrate) . ' hashes/sec,iterSecond=' . $GLOBALS['iteration_second'] . ' iterations/sec,difficulty=' . $GLOBALS['difficulty'] . PHP_EOL);
// Reset timer
$timeDisplay = microtime(true);
// Only once per 10 seconds
if ($testTime >= $GLOBALS['flush_file_time']) {
// Flush check-point file
- flushCheckPointFile($GLOBALS['modula_hash']);
+ flushCheckPointFile($GLOBALS['current_hash']);
} // END - if
// Time spend from last found block
// Is the last found time to far away?
if ($testTime >= $GLOBALS['restart_search_time']) {
- // Count up restart
+ // Count up restart and reduce difficulty, but never below 2
$GLOBALS['total_restarts']++;
+ $GLOBALS['difficulty'] = max(2, ($GLOBALS['difficulty'] / 2));
// Output message
print('total_restarts=' . $GLOBALS['total_restarts'] . ' - Restarting ...');
//print ('nonce=' . $GLOBALS['nonce'] . ',iteration=' . $GLOBALS['iteration'] . PHP_EOL);
//print ('nonceHash=' . $nonceHash . PHP_EOL);
//print ('sumNonce=' . $sumNonce . PHP_EOL);
- //print ('sumModula=' . $GLOBALS['sum_modula'] . PHP_EOL);
+ //print ('sumGenesis=' . $GLOBALS['sum_genesis'] . PHP_EOL);
} // END - while
// If the iteration is zero, then no hash is found
$reward = abs($timeBlock - $timeBadHashes) / $hashrate * $GLOBALS['hashes_block'] / $GLOBALS['block_size'] * 1000;
print ('timeBlock=' . $timeBlock . ',timeBadHashes=' . $timeBadHashes . ',hashesPerBlock=' . $GLOBALS['hashes_block'] .',reward=' . $reward . PHP_EOL);
+ // Double difficulty
+ $GLOBALS['difficulty'] = $GLOBALS['difficulty'] * 2;
+
// Block completed
$GLOBALS['total_hashes'] += $GLOBALS['hashes_block'];
$GLOBALS['total_blocks']++;
--- /dev/null
+<?php
+/**
+ * Calculates a simple but stronger hash from given string. No salts are being
+ * added here.
+ *
+ * @param $str The string to be hashed
+ * @return $hash The hash from string $str
+ */
+function hashString ($str) {
+ // Calculate strong hash from given string
+ $hash = Scrypt::hash($str, $GLOBALS['salt'], $GLOBALS['difficulty']);
+
+ // Return it directly
+ return $hash;
+}
+
+/**
+ * Multiple-hashes given string. This is done by hashing the given string and
+ * then hashing the generated hash again.
+ *
+ * @param $str The string to be hashed 4 times
+ * @return $hash The generated hash
+ */
+function multipleHashString ($str) {
+ // Generate hash from given hash
+ $hash = hashString($str);
+
+ // Now over-hash it
+ for ($idx = 0; $idx < ($GLOBALS['hash_cycles'] - 1); $idx++) {
+ // Over-hash the given hash
+ $hash = hashString($hash);
+ } // END - for
+
+ // Return it
+ return $hash;
+}
+
+/**
+ * Calculates sum from given hash
+ *
+ * @param $hash Hash to calculate sum from
+ * @return $sum Sum from given hash
+ */
+function calculateSumFromHash ($hash) {
+ // Everything starts with zero ...
+ $sum = 0;
+
+ // Loop through hash
+ for ($idx = 0; $idx < (strlen($hash) / 2); $idx++) {
+ // And add it
+ $sum = $sum + hexdec(substr($hash, $idx, 2));
+ } // END - for
+
+ // And return it
+ return $sum;
+}
+
+/**
+ * Calculates new nonce
+ *
+ * @return void
+ */
+function calculateNonce () {
+ // Linear incrementation
+ $GLOBALS['nonce'] += $GLOBALS['none_increment'];
+}
+
+/**
+ * Writes/flushes check-point file
+ *
+ * @param $hash Found hash or gensis hash
+ * @return void
+ */
+function flushCheckPointFile ($hash) {
+ // Display message
+ print ('FLUSHING: Writing ' . count($GLOBALS['found_hashes']) . ' blocks ...' . PHP_EOL);
+
+ // Start timer
+ $timer = microtime(true);
+
+ // Flush data
+ file_put_contents(
+ CHECK_POINT,
+ $GLOBALS['total_blocks'] . '|' .
+ $GLOBALS['total_reward'] . '|' .
+ $GLOBALS['total_hashes'] . '|' .
+ $GLOBALS['total_found'] . '|' .
+ $GLOBALS['total_restarts'] . '|' .
+ $GLOBALS['hash_cycles'] . '|' .
+ $GLOBALS['salt'] . '|' .
+ $GLOBALS['difficulty'] . '|' .
+ base64_encode((float) $GLOBALS['nonce']) . '|' .
+ $hash . '|' .
+ $GLOBALS['root_hash'] . '|' .
+ base64_encode(gzcompress(json_encode($GLOBALS['found_hashes'])))
+ );
+
+ // Set time
+ $GLOBALS['time_flush'] = microtime(true);
+ print ('FLUSHING: Took ' . ($GLOBALS['time_flush'] - $timer) . ' seconds.' . PHP_EOL);
+}
+
+/**
+ * Adds a found hash and flushes the checkpoint file
+ *
+ * @param $hash Hash to save
+ */
+function addFoundHash ($hash) {
+ // Increment counter
+ $GLOBALS['total_found']++;
+
+ // Add hash to array
+ array_push($GLOBALS['found_hashes'][$GLOBALS['total_blocks']], array(
+ 'current_hash' => $GLOBALS['current_hash'],
+ 'root_hash' => $GLOBALS['root_hash'],
+ 'nonce' => (float) $GLOBALS['nonce'],
+ 'iter' => $GLOBALS['iteration'],
+ 'hashes_block' => $GLOBALS['hashes_block'],
+ 'hash_cycles' => $GLOBALS['hash_cycles'],
+ 'difficulty' => $GLOBALS['difficulty'],
+ 'nonce_hash' => $hash,
+ ));
+
+ // Found hash:
+ print ('FOUND: hash=' . $hash . ',nonce=' . $GLOBALS['nonce'] . ',total_found=' . $GLOBALS['total_found'] . PHP_EOL);
+
+ // Set time as a new hash was found
+ $GLOBALS['found_time'] = microtime(true);
+
+ // Flush check-point file after new hash is found
+ flushCheckPointFile($hash);
+}
+
+/**
+ * Initializes nonce
+ *
+ * @return void
+ */
+function initNonce () {
+ $GLOBALS['nonce'] = 1 / (mt_rand() ^ pi());
+ print (__FUNCTION__ . ': nonce=' . $GLOBALS['nonce'] . PHP_EOL);
+}
+
+/**
+ * Sums all hex parts of the hash to one final sum
+ *
+ * @param $hash Hex-hash to sum
+ * @return Sum of hash
+ */
+function sumHash ($hash) {
+ // Init it
+ $sum = 0;
+
+ for ($i = 0; $i < (strlen($hash) / 2); $i++) {
+ $sum += hexdec(substr($hash, $i, 2));
+ }
+
+ return $sum;
+}
+
+/**
+ * Loads check-point file, if found
+ *
+ * @return void
+ */
+function loadCheckpointFile () {
+ // Is the check point there?
+ if (is_readable(CHECK_POINT)) {
+ // Then load it
+ $checkPoint = file_get_contents(CHECK_POINT);
+
+ // Explode it
+ $data = explode('|', $checkPoint);
+
+ // Assert on count
+ assert(count($data) == 10);
+
+ // 1st element is nonce, 2nd hash, 3rd found hashes
+ $GLOBALS['total_blocks'] = $data[0];
+ $GLOBALS['total_reward'] = $data[1];
+ $GLOBALS['total_hashes'] = $data[2];
+ $GLOBALS['total_found'] = $data[3];
+ $GLOBALS['total_restarts'] = $data[4];
+ $GLOBALS['hash_cycles'] = intval($data[5]);
+ $GLOBALS['salt'] = $data[6];
+ $GLOBALS['difficulty'] = $data[7];
+ $GLOBALS['nonce'] = (float) base64_decode($data[8]);
+ $GLOBALS['current_hash'] = $data[9];
+ $GLOBALS['root_hash'] = $data[9];
+ $GLOBALS['found_hashes'] = json_decode(gzuncompress(base64_decode($data[11])));
+ } // END - if
+}
--- /dev/null
+<?php
+
+/**
+ * This file contains an example helper classes for the php-scrypt extension.
+ *
+ * As with all cryptographic code; it is recommended that you use a tried and
+ * tested library which uses this library; rather than rolling your own.
+ *
+ * PHP version 5
+ *
+ * @category Security
+ * @package Scrypt
+ * @author Dominic Black <thephenix@gmail.com>
+ * @license http://www.opensource.org/licenses/BSD-2-Clause BSD 2-Clause License
+ * @link http://github.com/DomBlack/php-scrypt
+ */
+
+/**
+ * This class abstracts away from scrypt module, allowing for easy use.
+ *
+ * You can create a new hash for a password by calling Password::hash($password)
+ *
+ * You can check a password by calling Password::check($password, $hash)
+ *
+ * @category Security
+ * @package Scrypt
+ * @author Dominic Black <thephenix@gmail.com>
+ * @license http://www.opensource.org/licenses/BSD-2-Clause BSD 2-Clause License
+ * @link http://github.com/DomBlack/php-scrypt
+ */
+class Scrypt
+{
+
+ /**
+ *
+ * @var int The key length
+ */
+ private static $_keyLength = 32;
+
+ /**
+ * Get the byte-length of the given string
+ *
+ * @param string $str Input string
+ *
+ * @return int
+ */
+ protected static function strlen( $str ) {
+ static $isShadowed = null;
+
+ if ($isShadowed === null) {
+ $isShadowed = extension_loaded('mbstring') &&
+ ini_get('mbstring.func_overload') & 2;
+ }
+
+ if ($isShadowed) {
+ return mb_strlen($str, '8bit');
+ } else {
+ return strlen($str);
+ }
+ }
+
+ /**
+ * Generates a random salt
+ *
+ * @param int $length The length of the salt
+ *
+ * @return string The salt
+ */
+ public static function generateSalt($length = 8)
+ {
+ $buffer = '';
+ $buffer_valid = false;
+ if (function_exists('random_bytes')) {
+ try {
+ $buffer = random_bytes($length);
+ $buffer_valid = true;
+ } catch (Exception $ignored) { }
+ }
+
+ if (!$buffer_valid && function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
+ $buffer = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+ if ($buffer) {
+ $buffer_valid = true;
+ }
+ }
+
+ if (!$buffer_valid && is_readable('/dev/urandom')) {
+ $f = fopen('/dev/urandom', 'r');
+ $read = static::strlen($buffer);
+ while ($read < $length) {
+ $buffer .= fread($f, $length - $read);
+ $read = static::strlen($buffer);
+ }
+ fclose($f);
+ if ($read >= $length) {
+ $buffer_valid = true;
+ }
+ }
+
+ if (!$buffer_valid) {
+ throw new Exception("No suitable random number generator available");
+ }
+
+ $salt = str_replace(array('+', '$'), array('.', ''), base64_encode($buffer));
+
+ return $salt;
+ }
+
+ /**
+ * Create a password hash
+ *
+ * @param string $password The clear text password
+ * @param string $salt The salt to use, or null to generate a random one
+ * @param int $N The CPU difficultly (must be a power of 2, > 1)
+ * @param int $r The memory difficultly
+ * @param int $p The parallel difficultly
+ *
+ * @return string The hashed password
+ */
+ public static function hash($password, $salt = false, $N = 16384, $r = 8, $p = 1)
+ {
+ if ($N == 0 || ($N & ($N - 1)) != 0) {
+ throw new \InvalidArgumentException("N must be > 0 and a power of 2");
+ }
+
+ if ($N > PHP_INT_MAX / 128 / $r) {
+ throw new \InvalidArgumentException("Parameter N is too large");
+ }
+
+ if ($r > PHP_INT_MAX / 128 / $p) {
+ throw new \InvalidArgumentException("Parameter r is too large");
+ }
+
+ if ($salt === false) {
+ $salt = self::generateSalt();
+ } else {
+ // Remove dollar signs from the salt, as we use that as a separator.
+ $salt = str_replace(array('+', '$'), array('.', ''), base64_encode($salt));
+ }
+
+ $hash = scrypt($password, $salt, $N, $r, $p, self::$_keyLength);
+
+ return $N . '$' . $r . '$' . $p . '$' . $salt . '$' . $hash;
+ }
+
+ /**
+ * Check a clear text password against a hash
+ *
+ * @param string $password The clear text password
+ * @param string $hash The hashed password
+ *
+ * @return boolean If the clear text matches
+ */
+ public static function check($password, $hash)
+ {
+ // Is there actually a hash?
+ if (!$hash) {
+ return false;
+ }
+
+ list ($N, $r, $p, $salt, $hash) = explode('$', $hash);
+
+ // No empty fields?
+ if (empty($N) or empty($r) or empty($p) or empty($salt) or empty($hash)) {
+ return false;
+ }
+
+ // Are numeric values numeric?
+ if (!is_numeric($N) or !is_numeric($r) or !is_numeric($p)) {
+ return false;
+ }
+
+ $calculated = scrypt($password, $salt, $N, $r, $p, self::$_keyLength);
+
+ // Use compareStrings to avoid timeing attacks
+ return self::compareStrings($hash, $calculated);
+ }
+
+ /**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ *
+ * Compare two strings to avoid timing attacks
+ *
+ * C function memcmp() internally used by PHP, exits as soon as a difference
+ * is found in the two buffers. That makes possible of leaking
+ * timing information useful to an attacker attempting to iteratively guess
+ * the unknown string (e.g. password).
+ *
+ * @param string $expected
+ * @param string $actual
+ *
+ * @return boolean If the two strings match.
+ */
+ public static function compareStrings($expected, $actual)
+ {
+ $expected = (string) $expected;
+ $actual = (string) $actual;
+ $lenExpected = static::strlen($expected);
+ $lenActual = static::strlen($actual);
+ $len = min($lenExpected, $lenActual);
+
+ $result = 0;
+ for ($i = 0; $i < $len; $i ++) {
+ $result |= ord($expected[$i]) ^ ord($actual[$i]);
+ }
+ $result |= $lenExpected ^ $lenActual;
+
+ return ($result === 0);
+ }
+}
projects / core.git / commitdiff