Subversion Repositories oidplus

Compare Revisions

No changes between revisions

Regard whitespace Rev 1102 → Rev 1103

/trunk/vendor/danielmarschall/php-sha3/README.md
2,7 → 2,7
 
Pure PHP implementation of SHA-3.
 
Extended version to support `hash_hmac`.
Extended version to support `hash_hmac` and `hash_pbkdf2`.
 
Original source can be found [here](https://github.com/0xbb/php-sha3).
 
28,6 → 28,9
Sha3::hash_hmac('', 'key', 512);
// 7539119b6367aa902bdc6f558d20c906d6acbd4aba3fd344eb08b0200144a1fa453ff6e7919962358be53f6db2a320d1852c52a3dea3e907070775f7a91f1282
 
Sha3::hash_pbkdf2('', 'salt', 100000, 512);
// 7539119b6367aa902bdc6f558d20c906d6acbd4aba3fd344eb08b0200144a1fa453ff6e7919962358be53f6db2a320d1852c52a3dea3e907070775f7a91f1282
 
Sha3::shake('', 128, 256);
// 7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26
 
/trunk/vendor/danielmarschall/php-sha3/src/Sha3.php
328,6 → 328,30
return self::hash($k_opad . self::hash($k_ipad . $message, $mdlen, true), $mdlen, $raw_output);
}
 
public static function hash_pbkdf2($password, $salt, $iterations, $mdlen, $length=0, $binary=false) {
// https://www.php.net/manual/en/function.hash-pbkdf2.php#118301
 
if (!is_numeric($iterations)) trigger_error(__FUNCTION__ . '(): expects parameter 3 to be long, ' . gettype($iterations) . ' given', E_USER_WARNING);
if (!is_numeric($length)) trigger_error(__FUNCTION__ . '(): expects parameter 4 to be long, ' . gettype($length) . ' given', E_USER_WARNING);
if ($iterations <= 0) trigger_error(__FUNCTION__ . '(): Iterations must be a positive integer: ' . $iterations, E_USER_WARNING);
if ($length < 0) trigger_error(__FUNCTION__ . '(): Length must be greater than or equal to 0: ' . $length, E_USER_WARNING);
 
$output = '';
$block_count = $length ? ceil($length / strlen(self::hash('', $mdlen, $binary))) : 1;
for ($i = 1; $i <= $block_count; $i++)
{
$last = $xorsum = self::hash_hmac($salt . pack('N', $i), $password, $mdlen, true);
for ($j = 1; $j < $iterations; $j++)
{
$xorsum ^= ($last = self::hash_hmac($last, $password, $mdlen, true));
}
$output .= $xorsum;
}
 
if (!$binary) $output = bin2hex($output);
return $length ? substr($output, 0, $length) : $output;
}
 
public static function shake($in, $security_level, $outlen, $raw_output = false)
{
if( ! in_array($security_level, [128, 256], true)) {
/trunk/vendor/danielmarschall/php_utils/vts_crypt.inc.php
3,7 → 3,7
/*
* ViaThinkSoft Modular Crypt Format 1.0 / vts_password_hash() / vts_password_verify()
* Copyright 2023 Daniel Marschall, ViaThinkSoft
* Revision 2023-02-27
* Revision 2023-02-28
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
48,6 → 48,7
ps = password + salt
sps = salt + password + salt
hmac = HMAC (salt is the key)
pbkdf2 = PBKDF2 (Additional param i= contains the number of iterations)
Like most Crypt-hashes, <salt> and <hash> are Radix64 coded
with alphabet './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' and no padding.
Link to the online specification:
138,41 → 139,85
}
}
 
function vts_crypt_hash($algo, $str_password, $str_salt, $ver='1', $mode='ps') {
function vts_crypt_hash($algo, $str_password, $str_salt, $ver='1', $mode='ps', $iterations=0/*default*/) {
if ($ver == '1') {
if ($mode == 'sp') {
$payload = $str_salt.$str_password;
if (($algo === 'sha3-512') && !in_array($algo, hash_algos()) && function_exists('sha3_512')) {
$bin_hash = sha3_512($payload, true);
$algo_supported_natively = in_array($algo, hash_algos());
if (!$algo_supported_natively && str_starts_with($algo, 'sha3-') && method_exists('\bb\Sha3\Sha3', 'hash')) {
$bits = explode('-',$algo)[1];
$bin_hash = \bb\Sha3\Sha3::hash($payload, $bits, true);
} else {
$bin_hash = hash($algo, $payload, true);
}
} else if ($mode == 'ps') {
$payload = $str_password.$str_salt;
if (($algo === 'sha3-512') && !in_array($algo, hash_algos()) && function_exists('sha3_512')) {
$bin_hash = sha3_512($payload, true);
$algo_supported_natively = in_array($algo, hash_algos());
if (!$algo_supported_natively && str_starts_with($algo, 'sha3-') && method_exists('\bb\Sha3\Sha3', 'hash')) {
$bits = explode('-',$algo)[1];
$bin_hash = \bb\Sha3\Sha3::hash($payload, $bits, true);
} else {
$bin_hash = hash($algo, $payload, true);
}
} else if ($mode == 'sps') {
$payload = $str_salt.$str_password.$str_salt;
if (($algo === 'sha3-512') && !in_array($algo, hash_algos()) && function_exists('sha3_512')) {
$bin_hash = sha3_512($payload, true);
$algo_supported_natively = in_array($algo, hash_algos());
if (!$algo_supported_natively && str_starts_with($algo, 'sha3-') && method_exists('\bb\Sha3\Sha3', 'hash')) {
$bits = explode('-',$algo)[1];
$bin_hash = \bb\Sha3\Sha3::hash($payload, $bits, true);
} else {
$bin_hash = hash($algo, $payload, true);
}
} else if ($mode == 'hmac') {
// Note: Actually, we should use hash_hmac_algos(), but this requires PHP 7.2, and we would like to stay compatible with PHP 7.0 for now
if (($algo === 'sha3-512') && !in_array($algo, hash_algos()) && function_exists('sha3_512_hmac')) {
$bin_hash = sha3_512_hmac($str_password, $str_salt, true);
if (version_compare(PHP_VERSION, '7.2.0') >= 0) {
$algo_supported_natively = in_array($algo, hash_hmac_algos());
} else {
$algo_supported_natively = in_array($algo, hash_algos());
}
if (!$algo_supported_natively && str_starts_with($algo, 'sha3-') && method_exists('\bb\Sha3\Sha3', 'hash_hmac')) {
$bits = explode('-',$algo)[1];
$bin_hash = \bb\Sha3\Sha3::hash_hmac($str_password, $str_salt, $bits, true);
} else {
$bin_hash = hash_hmac($algo, $str_password, $str_salt, true);
}
} else if ($mode == 'pbkdf2') {
$algo_supported_natively = in_array($algo, hash_algos());
if (!$algo_supported_natively && str_starts_with($algo, 'sha3-') && method_exists('\bb\Sha3\Sha3', 'hash_pbkdf2')) {
if ($iterations == 0) {
$iterations = 2000; // because userland implementations are much slower, we must choose a small value...
}
$bits = explode('-',$algo)[1];
$bin_hash = \bb\Sha3\Sha3::hash_pbkdf2($str_password, $str_salt, $iterations, $bits, 0, true);
} else {
throw new Exception("Invalid VTS crypt version 1 mode. Expect sp, ps, sps, or hmac.");
if ($iterations == 0) {
// Recommendations taken from https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
// I am not sure if these recommendations are correct. They write PBKDF2-HMAC-SHA1...
// Does this count for us, or does hash_pbkdf2() implement PBKDF2-SHA1 rather than PBKDF2-HMAC-SHA1?
if ($algo == 'sha3-512') $iterations = 100000;
else if ($algo == 'sha3-384') $iterations = 100000;
else if ($algo == 'sha3-256') $iterations = 100000;
else if ($algo == 'sha3-224') $iterations = 100000;
else if ($algo == 'sha512') $iterations = 210000; // value by owasp.org cheatcheat (28.02.2023)
else if ($algo == 'sha512/256') $iterations = 210000; // value by owasp.org cheatcheat (28.02.2023)
else if ($algo == 'sha512/224') $iterations = 210000; // value by owasp.org cheatcheat (28.02.2023)
else if ($algo == 'sha384') $iterations = 600000;
else if ($algo == 'sha256') $iterations = 600000; // value by owasp.org cheatcheat (28.02.2023)
else if ($algo == 'sha224') $iterations = 600000;
else if ($algo == 'sha1') $iterations = 1300000; // value by owasp.org cheatcheat (28.02.2023)
else if ($algo == 'md5') $iterations = 5000000;
else $iterations = 5000;
}
$bin_hash = hash_pbkdf2($algo, $str_password, $str_salt, $iterations, 0, true);
}
} else {
throw new Exception("Invalid VTS crypt version 1 mode. Expect sp, ps, sps, hmac, or pbkdf2.");
}
$bin_salt = $str_salt;
return crypt_modular_format_encode(OID_MCF_VTS_V1, $bin_salt, $bin_hash, array('a'=>$algo,'m'=>$mode));
$params = array();
$params['a'] = $algo;
$params['m'] = $mode;
if ($mode == 'pbkdf2') $params['i'] = $iterations;
return crypt_modular_format_encode(OID_MCF_VTS_V1, $bin_salt, $bin_hash, $params);
} else {
throw new Exception("Invalid VTS crypt version, expect 1.");
}
188,11 → 233,22
$bin_salt = $data['salt'];
$bin_hash = $data['hash'];
$params = $data['params'];
 
if (!isset($params['a'])) throw new Exception('Param "a" (algo) missing');
$algo = $params['a'];
 
if (!isset($params['m'])) throw new Exception('Param "m" (mode) missing');
$mode = $params['m'];
 
if ($mode == 'pbkdf2') {
if (!isset($params['i'])) throw new Exception('Param "i" (iterations) missing');
$iterations = $params['i'];
} else {
$iterations = 0;
}
 
// Create a VTS MCF 1.0 hash based on the parameters of $hash and the password $password
$calc_authkey_1 = vts_crypt_hash($algo, $password, $bin_salt, $ver, $mode);
$calc_authkey_1 = vts_crypt_hash($algo, $password, $bin_salt, $ver, $mode, $iterations);
 
// We rewrite the MCF to make sure that they match (if params have the wrong order)
$calc_authkey_2 = crypt_modular_format_encode($id, $bin_salt, $bin_hash, $params);
272,9 → 328,10
$ver = '1';
$algo = isset($options['algo']) ? $options['algo'] : 'sha3-512';
$mode = isset($options['mode']) ? $options['mode'] : 'ps';
$iterations = isset($options['iterations']) ? $options['iterations'] : 0/*default*/;
$salt_len = isset($options['salt_length']) ? $options['salt_length'] : 50;
$salt = random_bytes_ex($salt_len, true, true);
return vts_crypt_hash($algo, $password, $salt, $ver, $mode);
return vts_crypt_hash($algo, $password, $salt, $ver, $mode, $iterations);
} else {
// Algorithms: PASSWORD_DEFAULT
// PASSWORD_BCRYPT
343,7 → 400,12
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_BLOWFISH)));
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_SHA256)));
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_SHA512)));
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_VTS_MCF1)));
assert(vts_password_verify($password,$debug = vts_password_hash($password, PASSWORD_VTS_MCF1, array(
'algo' => 'sha3-512',
'mode' => 'pbkdf2',
'iterations' => 5000
))));
echo "$debug\n";
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_DEFAULT)));
assert(vts_password_verify($password,vts_password_hash($password, PASSWORD_BCRYPT)));
if (defined('PASSWORD_ARGON2I'))
/trunk/vendor/danielmarschall/php_utils
Property changes:
Added: svn:ignore
+.phpstan.tmp
+phpstan.bat
+phpstan.phar