fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 17:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix compatibility with PBKDF2 hashes with iteration counts that are not zero-padded

Browse source
This commit is contained in:
Kijin Sung 2021-03-14 00:26:15 +09:00
parent 715e8d781c
commit 72e7532764
2 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
common/framework/password.php
View file

@ -229,7 +229,8 @@ class Password
$iterations = intval($parts[1], 10);
$key_length = strlen(base64_decode($parts[3]));
}
return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length);
$iterations_padding = ($salt === null || !isset($parts[1])) ? 7 : strlen($parts[1]);
return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length, $iterations_padding);
// phpass portable algorithm (must be used last)
case 'portable':
@ -407,9 +408,10 @@ class Password
* @param string $algorithm (optional)
* @param int $iterations (optional)
* @param int $length (optional)
* @param int $iterations_padding (optional)
* @return string
*/
public static function pbkdf2($password, $salt = null, $algorithm = 'sha512', $iterations = 16384, $length = 24)
public static function pbkdf2($password, $salt = null, $algorithm = 'sha512', $iterations = 16384, $length = 24, $iterations_padding = 7)
{
if ($salt === null)
{
@ -437,7 +439,7 @@ class Password
$hash = substr($output, 0, $length);
}
return $algorithm . ':' . sprintf('%07d', $iterations) . ':' . $salt . ':' . base64_encode($hash);
return $algorithm . ':' . str_pad($iterations, $iterations_padding, '0', STR_PAD_LEFT) . ':' . $salt . ':' . base64_encode($hash);
}
/**

7
tests/unit/framework/PasswordTest.php
View file

@ -128,6 +128,13 @@ class PasswordTest extends \Codeception\TestCase\Test
$salt = 'rtmIxdEUoWUk';
$hash = 'sha512:0016384:rtmIxdEUoWUk:1hrwGP3ScWvxslnqNFqyhM6Ddn4iYrwf';
$this->assertEquals($hash, Rhymix\Framework\Password::pbkdf2($password, $salt, 'sha512', 16384, 24));
$hash = 'sha512:16384:rtmIxdEUoWUk:1hrwGP3ScWvxslnqNFqyhM6Ddn4iYrwf';
$this->assertEquals($hash, Rhymix\Framework\Password::pbkdf2($password, $salt, 'sha512', 16384, 24, 5));
$salt = 'KpnA8ZAxvig32n7p2PnEjx4NN7gPpUQm';
$hash = 'sha1:12000:KpnA8ZAxvig32n7p2PnEjx4NN7gPpUQm:TeILMSF8ao/NVJ4wdk7lXDKQre9TUCht';
$this->assertEquals($hash, Rhymix\Framework\Password::pbkdf2($password, $salt, 'sha1', 12000, 24, 5));
}
public function testCountEntropyBits()