/**
* This class abstracts away from scrypt module, allowing for easy use.
*
- * You can create a new hash for a password by calling Scrypt:hash($password)
+ * You can create a new hash for a password by calling Scrypt:hashScrypt($password)
*
- * You can check a password by calling Scrypt:check($password, $hash)
+ * You can check a password by calling Scrypt:checkScrypt($password, $hash)
*
* @category Security
* @package Scrypt
*
* @return int
*/
- protected static function strlen( $str ) {
+ protected static function strlen ($str) {
static $isShadowed = null;
if ($isShadowed === null) {
*
* @return string The salt
*/
- public static function generateSalt($length = 8)
+ public static function generateScryptSalt ($length = 8)
{
$buffer = '';
$buffer_valid = false;
$buffer_valid = true;
}
}
- if (!$buffer_valid && is_readable('/dev/urandom')) {
+ if (!$buffer_valid && BaseFrameworkSystem::isReadableFile('/dev/urandom')) {
$f = fopen('/dev/urandom', 'r');
$read = static::strlen($buffer);
while ($read < $length) {
*
* @return string The hashed password
*/
- public static function hash($password, $salt = false, $N = 16384, $r = 8, $p = 1)
+ public static function hashScrypt ($password, $salt = false, $N = 16384, $r = 8, $p = 1)
{
+ if ((!FrameworkConfiguration::getSelfInstance()->isConfigurationEntrySet('extension_scrypt_loaded')) || (FrameworkConfiguration::getSelfInstance()->getConfigEntry('extension_scrypt_loaded') === FALSE)) {
+ // Feature has been disabled
+ throw new \InvalidArgumentException('Feature "scrypt" disabled.');
+ }
+
if ($N == 0 || ($N & ($N - 1)) != 0) {
- throw new \InvalidArgumentException("N must be > 0 and a power of 2");
+ throw new \InvalidArgumentException('N must be > 0 and a power of 2');
}
if ($N > PHP_INT_MAX / 128 / $r) {
- throw new \InvalidArgumentException("Parameter N is too large");
+ throw new \InvalidArgumentException('Parameter N is too large');
}
if ($r > PHP_INT_MAX / 128 / $p) {
- throw new \InvalidArgumentException("Parameter r is too large");
+ throw new \InvalidArgumentException('Parameter r is too large');
}
if ($salt === false) {
- $salt = self::generateSalt();
+ $salt = self::generateScryptSalt();
} else {
// Remove dollar signs from the salt, as we use that as a separator.
$salt = str_replace(array('+', '$'), array('.', ''), base64_encode($salt));
*
* @return boolean If the clear text matches
*/
- public static function check($password, $hash)
+ public static function checkScrypt ($password, $hash)
{
// Is there actually a hash?
if (!$hash) {
return false;
}
+ if ((!FrameworkConfiguration::getSelfInstance()->isConfigurationEntrySet('extension_scrypt_loaded')) || (FrameworkConfiguration::getSelfInstance()->getConfigEntry('extension_scrypt_loaded') === FALSE)) {
+ // Feature has been disabled
+ throw new \InvalidArgumentException('Feature "scrypt" disabled.');
+ }
+
list ($N, $r, $p, $salt, $hash) = explode('$', $hash);
// No empty fields?
$calculated = scrypt($password, $salt, $N, $r, $p, self::$_keyLength);
- // Use compareStrings to avoid timeing attacks
- return self::compareStrings($hash, $calculated);
+ // Use compareScryptHashes to avoid timeing attacks
+ return self::compareScryptHashes($hash, $calculated);
}
/**
*
* @return boolean If the two strings match.
*/
- public static function compareStrings($expected, $actual)
+ public static function compareScryptHashes ($expected, $actual)
{
$expected = (string) $expected;
$actual = (string) $actual;
projects / core.git / blobdiff