/** * Creates a salted hash from a string. * * @param string $str * String to hash. * * @return string * Returns hashed string, or false on error. */ public static function create($str) { switch (self::$_method) { case self::BCRYPT: $saltRnd = phpsecRand::str(22, self::$charsets['itoa64']); $salt = sprintf('$2a$%s$%s', self::$_bcrypt_cost, $saltRnd); $hash = crypt($str, $salt); break; case self::PBKDF2: $salt = phpsecRand::bytes(64); $hash = phpsecCrypt::pbkdf2($str, $salt, self::$_pbkdf2_c, self::$_pbkdf2_dkLen, self::$_pbkdf2_prf); $hash = sprintf('$pbkdf2$c=%s&dk=%s&f=%s$%s$%s', self::$_pbkdf2_c, self::$_pbkdf2_dkLen, self::$_pbkdf2_prf, base64_encode($hash), base64_encode($salt)); break; case self::SHA256: case self::SHA512: $saltRnd = phpsecRand::str(16, self::$charsets['itoa64']); $salt = sprintf('%srounds=%s$%s', self::$_method, self::$_sha2_c, $saltRnd); $hash = crypt($str, $salt); break; } if (strlen($hash) > 13) { return $hash; } return false; }
/** * Create a hashed version of a password, safe for storage in a database. * This function return a json encoded array that can be stored directly * into a database. The array has the following layout: * array( * 'hash' => The hash created from the password and a salt. * 'salt' => The salt that was used along with the password to create the hash. * 'algo' => The hashing algorithm used. * ) * * @param string $password * The password to hash. * * @return string * Returns a json encoded array containing the password hash, salt and * some meta data. */ public static function hash($password) { $salt = phpsecRand::bytes(64); switch (self::$_method) { case self::phpsecPw_PBKDF2: $hash = phpsecCrypt::pbkdf2($password, $salt, self::$_pbkdf2_c, self::$_pbkdf2_dkLen, self::$_pbkdf2_prf); /* phpsecCrypt::pbkdf2() returns a binary string. So let's base64 encode it.*/ $hash = base64_encode($hash); /* We append the iteration count, derived key length and PRF as we need this later. */ $algo = 'pbkdf2:' . self::$_pbkdf2_c . ':' . self::$_pbkdf2_dkLen . ':' . self::$_pbkdf2_prf; break; default: $injected = self::inject($password, $salt); $hash = hash(self::$_method, $injected); $algo = self::$_method; } $return = array('hash' => $hash, 'salt' => base64_encode($salt), 'algo' => $algo); return json_encode($return); }
/** * Encrypt data returning a JSON encoded array safe for storage in a database * or file. The array has the following structure before it is encoded: * array( * 'cdata' => 'Encrypted data, Base 64 encoded', * 'iv' => 'Base64 encoded IV', * 'algo' => 'Algorythm used', * 'mode' => 'Mode used', * 'mac' => 'Message Authentication Code' * ) * * @param mixed $data * Data to encrypt. * * @param string $key * Key to encrypt data with. * * @return string * Serialized array containing the encrypted data along with some meta data. */ public static function encrypt($data, $key) { $td = mcrypt_module_open(self::$_algo, '', self::$_mode, ''); /* Check key size. */ $keySize = strlen($key); $keySizes = mcrypt_enc_get_supported_key_sizes($td); if (count($keySizes) > 0) { /* Encryption method requires a specific key size. */ if (!in_array($keySize, $keySizes)) { phpsec::error('Key is out of range. Should be one of: ' . var_export($keySizes, 1)); return false; } } else { /* No spsecific size is needed. */ if ($keySize == 0 || $keySize > mcrypt_enc_get_key_size($td)) { phpsec::error('Key is out of range. Should be: 1 - ' . mcrypt_enc_get_key_size($td) . ' bytes.'); return false; } } /* Create IV. */ $iv = phpsecRand::bytes(mcrypt_enc_get_iv_size($td)); /* Init mcrypt. */ mcrypt_generic_init($td, $key, $iv); /* Prepeare the array with data. */ $serializedData = serialize($data); /* Add padding if enabled. */ if (self::$_padding === true) { $block = mcrypt_enc_get_block_size($td); $serializedData = self::pad($block, $serializedData); } $encrypted['algo'] = self::$_algo; /* Algorithm used to encrypt. */ $encrypted['mode'] = self::$_mode; /* Algorithm mode. */ $encrypted['iv'] = base64_encode($iv); /* Initialization vector, just a bunch of randomness. */ $encrypted['cdata'] = base64_encode(mcrypt_generic($td, $serializedData)); /* The encrypted data. */ $encrypted['mac'] = base64_encode(self::pbkdf2($encrypted['cdata'], $key, 1000, 32)); return json_encode($encrypted); }
public function generate_unique_sequence($entropy = 100) { require_once 'lib/phpsec/phpsec/phpsec.rand.php'; return base64_encode(phpsecRand::bytes($entropy)); }
private function generate_provisional_password() { global $tikilib; require_once 'lib/phpsec/phpsec/phpsec.rand.php'; $site_hash = $tikilib->get_site_hash(); $random_value = phpsecRand::bytes(40); return base64_encode(sha1($random_value . $site_hash, true)); }
/** * Set the cookie with the secret. * * @return true */ private static function setSecret() { self::$_secret = phpsecRand::bytes(32); $cookieParam = session_get_cookie_params(); setcookie(self::$_keyCookie, base64_encode(self::$_secret), $cookieParam['lifetime'], $cookieParam['path'], $cookieParam['domain'], $cookieParam['secure'], $cookieParam['httponly']); return true; }
public function get_site_hash() { global $prefs; if (! isset($prefs['internal_site_hash'])) { require_once 'lib/phpsec/phpsec/phpsec.rand.php'; $hash = base64_encode(phpsecRand::bytes(100)); $this->set_preference('internal_site_hash', $hash); } return $prefs['internal_site_hash']; }