3 * Implements the Pbkdf2Password class for the MediaWiki software.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
24 * A PBKDF2-hashed password
26 * This is a computationally complex password hash for use in modern applications.
27 * The number of rounds can be configured by $wgPasswordConfig['pbkdf2']['cost'].
31 class Pbkdf2Password
extends ParameterizedPassword
{
32 protected function getDefaultParams() {
34 'algo' => $this->config
['algo'],
35 'rounds' => $this->config
['cost'],
36 'length' => $this->config
['length']
40 protected function getDelimiter() {
44 protected function shouldUseHashExtension() {
45 return $this->config
['use-hash-extension'] ??
function_exists( 'hash_pbkdf2' );
48 public function crypt( $password ) {
49 if ( count( $this->args
) == 0 ) {
50 $this->args
[] = base64_encode( random_bytes( 16 ) );
53 if ( $this->shouldUseHashExtension() ) {
55 $this->params
['algo'],
57 base64_decode( $this->args
[0] ),
58 (int)$this->params
['rounds'],
59 (int)$this->params
['length'],
62 if ( !is_string( $hash ) ) {
63 throw new PasswordError( 'Error when hashing password.' );
66 $hashLenHash = hash( $this->params
['algo'], '', true );
67 if ( !is_string( $hashLenHash ) ) {
68 throw new PasswordError( 'Error when hashing password.' );
70 $hashLen = strlen( $hashLenHash );
71 $blockCount = ceil( $this->params
['length'] / $hashLen );
74 $salt = base64_decode( $this->args
[0] );
75 for ( $i = 1; $i <= $blockCount; ++
$i ) {
76 $roundTotal = $lastRound = hash_hmac(
77 $this->params
['algo'],
78 $salt . pack( 'N', $i ),
83 for ( $j = 1; $j < $this->params
['rounds']; ++
$j ) {
84 $lastRound = hash_hmac( $this->params
['algo'], $lastRound, $password, true );
85 $roundTotal ^
= $lastRound;
91 $hash = substr( $hash, 0, $this->params
['length'] );
94 $this->hash
= base64_encode( $hash );