1 <?php

2 namespace TYPO3\CMS\Saltedpasswords\Salt;

3 

26 class BlowfishSalt extends \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt {

27 

31  const HASH_COUNT = 7;

36  const MAX_HASH_COUNT = 17;

41  const MIN_HASH_COUNT = 4;

48  static protected $hashCount;

49 

56  static protected $maxHashCount;

57 

64  static protected $minHashCount;

65 

71  static protected $saltLengthBlowfish = 16;

72 

78  static protected $settingBlowfish = '$2a$';

79 

89  protected function applySettingsToSalt($salt) {

90  $saltWithSettings = $salt;

91  $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());

92  // salt without setting

93  if (strlen($salt) == $reqLenBase64) {

94  $saltWithSettings = $this->getSetting() . sprintf('%02u', $this->getHashCount()) . '$' . $salt;

95  }

96  return $saltWithSettings;

97  }

98 

105  protected function getCountLog2($setting) {

106  $countLog2 = NULL;

107  $setting = substr($setting, strlen($this->getSetting()));

108  $firstSplitPos = strpos($setting, '$');

109  // Hashcount existing

110  if ($firstSplitPos !== FALSE && $firstSplitPos <= 2 && is_numeric(substr($setting, 0, $firstSplitPos))) {

111  $countLog2 = (int)substr($setting, 0, $firstSplitPos);

112  }

113  return $countLog2;

114  }

115 

124  public function getHashCount() {

125  return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;

126  }

127 

136  public function getMaxHashCount() {

137  return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;

138  }

139 

145  public function isAvailable() {

146  return CRYPT_BLOWFISH;

147  }

148 

157  public function getMinHashCount() {

158  return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;

159  }

160 

169  public function getSaltLength() {

170  return self::$saltLengthBlowfish;

171  }

172 

181  public function getSetting() {

182  return self::$settingBlowfish;

183  }

184 

196  public function isHashUpdateNeeded($saltedPW) {

197  // Check whether this was an updated password.

198  if (strncmp($saltedPW, '$2', 2) || !$this->isValidSalt($saltedPW)) {

199  return TRUE;

200  }

201  // Check whether the iteration count used differs from the standard number.

202  $countLog2 = $this->getCountLog2($saltedPW);

203  return !is_NULL($countLog2) && $countLog2 < $this->getHashCount();

204  }

205 

215  public function isValidSalt($salt) {

216  $isValid = ($skip = FALSE);

217  $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());

218  if (strlen($salt) >= $reqLenBase64) {

219  // Salt with prefixed setting

220  if (!strncmp('$', $salt, 1)) {

221  if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {

222  $isValid = TRUE;

223  $salt = substr($salt, strrpos($salt, '$') + 1);

224  } else {

225  $skip = TRUE;

226  }

227  }

228  // Checking base64 characters

229  if (!$skip && strlen($salt) >= $reqLenBase64) {

230  if (preg_match('/^[' . preg_quote($this->getItoa64(), '/') . ']{' . $reqLenBase64 . ',' . $reqLenBase64 . '}$/', substr($salt, 0, $reqLenBase64))) {

231  $isValid = TRUE;

232  }

233  }

234  }

235  return $isValid;

236  }

237 

244  public function isValidSaltedPW($saltedPW) {

245  $isValid = FALSE;

246  $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;

247  if ($isValid) {

248  $isValid = $this->isValidSalt($saltedPW);

249  }

250  return $isValid;

251  }

252 

261  public function setHashCount($hashCount = NULL) {

262  self::$hashCount = !is_NULL($hashCount) && is_int($hashCount) && $hashCount >= $this->getMinHashCount() && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;

263  }

264 

273  public function setMaxHashCount($maxHashCount = NULL) {

274  self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;

275  }

276 

285  public function setMinHashCount($minHashCount = NULL) {

286  self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;

287  }

288 

289 }