public function needsRehash($oldHash)
{
$ident = $this->getIdentifier();
if (Utils::binaryStrlen($ident) > Utils::binaryStrlen($oldHash)) {
return true;
}
$oldIdent = Utils::binarySubstr($oldHash, 0, Utils::binaryStrlen($ident));
return $ident !== $oldIdent;
}
public function verifyHMAC($data)
{
$data = base64_decode($data);
if (Utils::binaryStrlen($data) <= 32) {
return false;
}
$hash = Utils::binarySubstr($data, -32, 32);
$data = Utils::binarySubstr($data, 0, -32);
$newhash = hash_hmac('sha256', $data, $this->getHMACSecret(), true);
return Utils::compareStr($hash, $newhash) ? $data : false;
}
public function getBytes($count)
{
$bytes = '';
if (function_exists('openssl_random_pseudo_bytes') && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
// Primary source for random bytes is the OpenSSL prng,
// but OpenSSL is slow on windows, so avoid it there
$bytes = openssl_random_pseudo_bytes($count);
} else {
if (function_exists('mcrypt_create_iv')) {
// Use mcrypt_create_iv to read bytes from /dev/urandom
$bytes = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
} else {
if (is_readable('/dev/urandom') && ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
// Read from /dev/urandom directly if available
$bytes = fread($hRand, $count);
fclose($hRand);
}
}
}
if ($bytes === false || Utils::binaryStrlen($bytes) < $count) {
throw new RNGException('Failed to get random bytes.');
}
return $bytes;
}