‪TYPO3CMS  10.4
BlowfishPasswordHash.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
22 
31 {
35  protected const ‪PREFIX = '$2a$';
36 
40  protected ‪$options = [
41  'hash_count' => 7
42  ];
43 
50  public function ‪__construct(array ‪$options = [])
51  {
52  $newOptions = ‪$this->options;
53  if (isset(‪$options['hash_count'])) {
54  if ((int)‪$options['hash_count'] < 4 || (int)‪$options['hash_count'] > 17) {
55  throw new \InvalidArgumentException(
56  'hash_count must not be lower than 4 or bigger than 17',
57  1533903545
58  );
59  }
60  $newOptions['hash_count'] = (int)‪$options['hash_count'];
61  }
62  $this->options = $newOptions;
63  }
64 
73  public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
74  {
75  $isCorrect = false;
76  if ($this->‪isValidSalt($saltedHashPW)) {
77  $isCorrect = \password_verify($plainPW, $saltedHashPW);
78  }
79  return $isCorrect;
80  }
81 
87  public function ‪isAvailable(): bool
88  {
89  return (bool)CRYPT_BLOWFISH;
90  }
91 
98  public function ‪getHashedPassword(string $password)
99  {
100  $saltedPW = null;
101  if (!empty($password)) {
102  $salt = $this->‪getGeneratedSalt();
103  $saltedPW = crypt($password, $this->‪applySettingsToSalt($salt));
104  }
105  return $saltedPW;
106  }
107 
119  public function ‪isHashUpdateNeeded(string $saltedPW): bool
120  {
121  // Check whether the iteration count used differs from the standard number.
122  $countLog2 = $this->‪getCountLog2($saltedPW);
123  return $countLog2 !== null && $countLog2 < $this->options['hash_count'];
124  }
125 
132  public function ‪isValidSaltedPW(string $saltedPW): bool
133  {
134  $isValid = !strncmp(self::PREFIX, $saltedPW, strlen(self::PREFIX));
135  if ($isValid) {
136  $isValid = $this->‪isValidSalt($saltedPW);
137  }
138  return $isValid;
139  }
140 
152  protected function ‪getGeneratedSalt(): string
153  {
154  $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes(16);
155  return $this->‪base64Encode($randomBytes, 16);
156  }
157 
164  protected function ‪applySettingsToSalt(string $salt): string
165  {
166  $saltWithSettings = $salt;
167  $reqLenBase64 = $this->‪getLengthBase64FromBytes(16);
168  // salt without setting
169  if (strlen($salt) == $reqLenBase64) {
170  $saltWithSettings = self::PREFIX . sprintf('%02u', $this->options['hash_count']) . '$' . $salt;
171  }
172  return $saltWithSettings;
173  }
174 
181  protected function ‪getCountLog2(string $setting): int
182  {
183  $countLog2 = null;
184  $setting = substr($setting, strlen(self::PREFIX));
185  $firstSplitPos = strpos($setting, '$');
186  // Hashcount existing
187  if ($firstSplitPos !== false && $firstSplitPos <= 2 && is_numeric(substr($setting, 0, $firstSplitPos))) {
188  $countLog2 = (int)substr($setting, 0, $firstSplitPos);
189  }
190  return $countLog2;
191  }
192 
198  protected function ‪getItoa64(): string
199  {
200  return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
201  }
202 
209  protected function ‪isValidSalt(string $salt): bool
210  {
211  $isValid = ($skip = false);
212  $reqLenBase64 = $this->‪getLengthBase64FromBytes(16);
213  if (strlen($salt) >= $reqLenBase64) {
214  // Salt with prefixed setting
215  if (!strncmp('$', $salt, 1)) {
216  if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
217  $isValid = true;
218  $salt = substr($salt, (int)strrpos($salt, '$') + 1);
219  } else {
220  $skip = true;
221  }
222  }
223  // Checking base64 characters
224  if (!$skip && strlen($salt) >= $reqLenBase64) {
225  if (preg_match('/^[' . preg_quote($this->‪getItoa64(), '/') . ']{' . $reqLenBase64 . ',' . $reqLenBase64 . '}$/', substr($salt, 0, $reqLenBase64))) {
226  $isValid = true;
227  }
228  }
229  }
230  return $isValid;
231  }
232 
240  protected function ‪base64Encode(string $input, int $count): string
241  {
242  ‪$output = '';
243  $i = 0;
244  $itoa64 = $this->‪getItoa64();
245  do {
246  $value = ord($input[$i++]);
247  ‪$output .= $itoa64[$value & 63];
248  if ($i < $count) {
249  $value |= ord($input[$i]) << 8;
250  }
251  ‪$output .= $itoa64[$value >> 6 & 63];
252  if ($i++ >= $count) {
253  break;
254  }
255  if ($i < $count) {
256  $value |= ord($input[$i]) << 16;
257  }
258  ‪$output .= $itoa64[$value >> 12 & 63];
259  if ($i++ >= $count) {
260  break;
261  }
262  ‪$output .= $itoa64[$value >> 18 & 63];
263  } while ($i < $count);
264  return ‪$output;
265  }
266 
274  protected function ‪getLengthBase64FromBytes(int $byteLength): int
275  {
276  // Calculates bytes in bits in base64
277  return (int)ceil($byteLength * 8 / 6);
278  }
279 }
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\__construct
‪__construct(array $options=[])
Definition: BlowfishPasswordHash.php:49
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\PREFIX
‪const PREFIX
Definition: BlowfishPasswordHash.php:35
‪TYPO3\CMS\Core\Crypto\PasswordHashing
Definition: AbstractArgon2PasswordHash.php:18
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\getItoa64
‪string getItoa64()
Definition: BlowfishPasswordHash.php:197
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\isAvailable
‪bool isAvailable()
Definition: BlowfishPasswordHash.php:86
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\getCountLog2
‪int getCountLog2(string $setting)
Definition: BlowfishPasswordHash.php:180
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\getLengthBase64FromBytes
‪int getLengthBase64FromBytes(int $byteLength)
Definition: BlowfishPasswordHash.php:273
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash
Definition: BlowfishPasswordHash.php:31
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\isValidSalt
‪bool isValidSalt(string $salt)
Definition: BlowfishPasswordHash.php:208
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\base64Encode
‪string base64Encode(string $input, int $count)
Definition: BlowfishPasswordHash.php:239
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\getHashedPassword
‪string getHashedPassword(string $password)
Definition: BlowfishPasswordHash.php:97
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\checkPassword
‪bool checkPassword(string $plainPW, string $saltedHashPW)
Definition: BlowfishPasswordHash.php:72
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\isValidSaltedPW
‪bool isValidSaltedPW(string $saltedPW)
Definition: BlowfishPasswordHash.php:131
‪$output
‪$output
Definition: annotationChecker.php:119
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\getGeneratedSalt
‪string getGeneratedSalt()
Definition: BlowfishPasswordHash.php:151
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\isHashUpdateNeeded
‪bool isHashUpdateNeeded(string $saltedPW)
Definition: BlowfishPasswordHash.php:118
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\applySettingsToSalt
‪string applySettingsToSalt(string $salt)
Definition: BlowfishPasswordHash.php:163
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
Definition: PasswordHashInterface.php:25
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash\$options
‪array $options
Definition: BlowfishPasswordHash.php:39