Right now this class provides a PHP based PBKDF2 implementation.
/**
* @test
* @dataProvider pbkdf2TestVectors
*/
public function pbkdf2TestVectorsAreCorrect($password, $salt, $iterationCount, $derivedKeyLength, $output)
{
$result = Algorithms::pbkdf2($password, $salt, $iterationCount, $derivedKeyLength, 'sha1');
$this->assertEquals(unpack('H*', pack('H*', $output)), unpack('H*', $result));
}
/**
* Validate a password against a derived key (hashed password) and salt using PBKDF2.
* Iteration count and algorithm have to match the parameters when generating the derived key.
*
* @param string $password The cleartext password
* @param string $hashedPasswordAndSalt The derived key and salt in Base64 encoding as returned by hashPassword for verification
* @param string $staticSalt Static salt that will be appended to the dynamic salt
* @return boolean TRUE if the given password matches the hashed password
* @throws \InvalidArgumentException
*/
public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
{
$parts = explode(',', $hashedPasswordAndSalt);
if (count($parts) !== 2) {
throw new \InvalidArgumentException('The derived key with salt must contain a salt, separated with a comma from the derived key', 1306172911);
}
$dynamicSalt = base64_decode($parts[0]);
$derivedKey = base64_decode($parts[1]);
$derivedKeyLength = strlen($derivedKey);
return $derivedKey === CryptographyAlgorithms::pbkdf2($password, $dynamicSalt . $staticSalt, $this->iterationCount, $derivedKeyLength, $this->algorithm);
}