/**
* Build a new instance
*
* @param Generator $generator The random generator to use for seeds
* @param Factory $factory The hash factory to use for this instance
*
* @return void
*/
public function __construct(\PasswordLib\Random\Generator $generator = null)
{
if (is_null($generator)) {
$random = new RandomFactory();
$generator = $random->getMediumStrengthGenerator();
}
$this->generator = $generator;
}
/**
* Build a new instance
*
* @param array $options An array of options for the password isntance
* @param Generator $generator The random generator to use for seeds
*
* @return void
*/
public function __construct(array $options = array(), \PasswordLib\Random\Generator $generator = null)
{
$this->setOptions($this->defaultOptions);
$this->setOptions($options);
if (is_null($generator)) {
$random = new RandomFactory();
$generator = $random->getMediumStrengthGenerator();
}
$this->generator = $generator;
}
/**
* Build a new instance
*
* @param int $iterations The number of times to iterate the hash
* @param Generator $generator The random generator to use for seeds
*
* @return void
*/
public function __construct($iterations = 8, \PasswordLib\Random\Generator $generator = null)
{
if ($iterations > 31 || $iterations < 4) {
throw new \InvalidArgumentException('Invalid Iteration Count Supplied');
}
$this->iterations = $iterations;
if (is_null($generator)) {
$random = new RandomFactory();
$generator = $random->getMediumStrengthGenerator();
}
$this->generator = $generator;
}
/**
* @covers PasswordLib\Random\Factory::getMediumStrengthGenerator
* @covers PasswordLib\Random\Factory::getGenerator
* @covers PasswordLib\Random\Factory::findMixer
*/
public function testGetMediumStrengthGenerator()
{
$factory = new Factory();
$generator = $factory->getMediumStrengthGenerator();
$this->assertTrue($generator instanceof PasswordLib\Random\Generator);
$mixer = call_user_func(array(get_class($generator->getMixer()), 'getStrength'));
$this->assertTrue($mixer->compare(new Strength(Strength::MEDIUM)) <= 0);
foreach ($generator->getSources() as $source) {
$strength = call_user_func(array(get_class($source), 'getStrength'));
$this->assertTrue($strength->compare(new Strength(Strength::MEDIUM)) >= 0);
}
}
/**
* Build a new instance of the PBKDF password class
*
* @param PBKDF $derivation The derivation class to use
* @param int $size The size of hash to generate
* @param int $iterations The number of iterations to perform
* @param Generator $generator The Random Generator to use
*
* @return void;
*/
public function __construct(\PasswordLib\Key\Derivation\PBKDF $derivation = null, $size = 40, $iterations = 5000, \PasswordLib\Random\Generator $generator = null)
{
if (is_null($derivation)) {
$derivation = new PBKDF2();
}
$this->derivation = $derivation;
$this->size = $size < 40 ? 40 : (int) $size;
$this->iterations = $iterations > 0 ? (int) $iterations : 1;
if (is_null($generator)) {
$factory = new RandomFactory();
$generator = $factory->getMediumStrengthGenerator();
}
$this->generator = $generator;
}
/**
* Shuffle an array. This will preserve key => value relationships, and return
* a new array that has been randomized in order.
*
* To get keys randomized, simply pass the result through array_values()...
*
* @param array $array The input array to randomize
*
* @return array The suffled array
*/
public function shuffleArray(array $array)
{
$factory = new RandomFactory();
$generator = $factory->getMediumStrengthGenerator();
$result = array();
$values = array_values($array);
$keys = array_keys($array);
$max = count($array);
for ($i = $max - 1; $i >= 0; $i--) {
$int = $generator->generateInt(0, $i);
$result[$keys[$int]] = $values[$int];
unset($keys[$int], $values[$int]);
$keys = array_values($keys);
$values = array_values($values);
}
return $result;
}
/**
* Perform a constant time comparison between two hash strings
*
* This is done to prevent remote timing attacks from giving an attacker
* information about the hash remotely. This provides a constant runtime
* equality check between two strings of the same length. This should be used
* any time sensitive information is compared, as === can leak information
* about the position of the difference to an attacker.
*
* Additionally, for added protection we're hashing each hash again with the
* same random key, to further protect against any form of timing attacks if
* the two hashes are of different length
*
* @param string $hash1 The first hash to compare
* @param string $hash2 The second hash to compare
*
* @see http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
* @see http://rdist.root.org/2010/01/07/timing-independent-array-comparison/
* @return boolean True if the strings are identical
*/
protected function compareStrings($hash1, $hash2)
{
if (!$this->generator) {
$random = new RandomFactory();
$this->setGenerator($random->getMediumStrengthGenerator());
}
$key = $this->generator->generate(1024);
$hash1 = hash_hmac('sha512', $hash1, $key, true);
$hash2 = hash_hmac('sha512', $hash2, $key, true);
$len = strlen($hash1);
$result = 0;
for ($i = 0; $i < $len; $i++) {
$result |= ord($hash1[$i]) ^ ord($hash2[$i]);
}
return $result === 0;
}
